Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus.Win64.ZAccess.b [Closed]


  • This topic is locked This topic is locked

#1
Fidel Castro

Fidel Castro

    Member

  • Member
  • PipPipPip
  • 162 posts
Hello again experts,

Well, I'm with my brother's laptop right now and it has a lot of malwares.

I've tried using AntiMalwareBytes and Kaspersky and I did remove some of the problems but I'm not able to clean my laptop completely so I'm writing to you, asking you kindly for help.

He told me that he was using Avira which was giving him virus alerts all the time so he uninstalled it and installed Kaspersky 2013 trial.

There was also some 'Security Shield 2012' which was installed but I found out that it's a virus so I successfully removed it in Safe mode or at least I think I did.

Now, his Kaspersky AV is always popping up a virus alert of 'Virus.Win64.ZAccess.b' but it cannot be fixed and nor removed.


Anyways, I'm not having some serious problem with the laptop's performance but I know that it's infected and I'd like to clean it up and I hope we will do it together, thanks to you.



Here's the OTL log:

OTL logfile created on: 29/06/2012 23:17:43 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Loncarevic\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Regno Unito | Language: ENG | Date Format: dd/MM/yyyy

3,86 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 56,40% Memory free
7,71 Gb Paging File | 5,56 Gb Available in Paging File | 72,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,46 Gb Total Space | 243,03 Gb Free Space | 53,71% Space Free | Partition Type: NTFS

Computer Name: LONCAREVIC-VAIO | User Name: Loncarevic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 23:16:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Loncarevic\Desktop\OTL.exe
PRC - [2012/06/26 02:16:19 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/26 02:16:17 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/06/25 20:33:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2012/06/25 20:31:12 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/15 00:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\avp.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Loncarevic\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/17 23:35:15 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programmi\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programmi\Sony\VAIO Care\listener.exe
PRC - [2010/06/22 09:39:28 | 000,081,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
PRC - [2010/06/20 21:47:16 | 000,099,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
PRC - [2010/06/17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010/06/08 23:55:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/05/31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/05/31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/05/28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/20 14:24:12 | 000,087,408 | ---- | M] (Sony Corporation) -- C:\Programmi\Sony\VAIO Personalization Manager\VpmIfPav.exe
PRC - [2009/07/14 03:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2006/09/19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/26 02:16:20 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/26 02:16:17 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/25 20:31:12 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/06/15 00:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 03:39:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:39:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/05/10 11:24:44 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012/05/09 19:41:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 19:40:56 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/09 19:40:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/09 19:40:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/09 19:40:42 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/09 19:40:18 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/30 13:39:48 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/07/30 13:39:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_it_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/01/20 13:57:56 | 000,495,616 | ---- | M] () -- C:\Programmi\Sony\VAIO Personalization Manager\sqlite3.dll
MOD - [2006/09/19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/06/24 22:06:19 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/06/26 02:16:19 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/06/15 00:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/31 19:00:26 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\avp.exe -- (AVP)
SRV - [2012/05/30 00:56:23 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/17 23:35:15 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programmi\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programmi\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010/07/30 03:57:33 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programmi\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2010/06/20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/06/20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/06/18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/06/17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/06/09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010/06/09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010/06/09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programmi\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010/06/08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010/06/08 17:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programmi\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010/06/06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programmi\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/05/31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/05/28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/05/28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/29 15:55:40 | 000,640,344 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/05/25 19:38:48 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/05/25 19:30:34 | 000,027,992 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/05/24 11:34:46 | 000,172,888 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/05/12 17:13:34 | 000,054,064 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/04/13 13:54:06 | 000,458,544 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/27 18:34:24 | 000,030,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 14:04:08 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/05/10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/01/18 17:52:55 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/12/02 12:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/12/02 12:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/12/02 12:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/12/02 12:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/06/24 22:34:53 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/06/24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/24 22:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/06/23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/06/23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/06/23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/06/23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/06/23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010/06/23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010/05/31 23:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/05/31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/05/31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/05/28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/05/28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/05/26 13:19:26 | 000,055,296 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV:64bit: - [2010/05/06 13:59:08 | 000,162,304 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJMidi.sys -- (HDJMidi)
DRV:64bit: - [2010/05/06 13:59:02 | 000,163,328 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2010/05/06 13:58:58 | 000,226,304 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV:64bit: - [2010/04/26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/16 15:10:10 | 000,011,264 | ---- | M] (Novation Digital Music Systems Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\automap.sys -- (automap)
DRV:64bit: - [2009/10/10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/03/27 19:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2010/01/29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Loncarevic\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SVEE&bmod=SVEE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-06-26 02:16:21&v=11.1.0.7&sap=hp
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SVEE_itIT414
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-26 02:16:21&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EF9EFB30-5563-421F-89FB-1C5649C11705}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKCU\..\SearchScopes\{F22ACC1F-4CE2-4271-97AC-3009EE7569C3}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MB2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..keyword.URL: "http://isearch.avg.c...6:21&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Loncarevic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\f4-group.com/F4WebPlugin: C:\Users\Loncarevic\AppData\Roaming\F4\F4WebPlugin\npF4WebPlugin.dll (F4)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/25 20:33:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/26 02:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\FFExt\[email protected] [2012/06/29 21:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\FFExt\[email protected] [2012/06/29 21:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\FFExt\[email protected] [2012/06/29 21:00:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\FFExt\[email protected] [2012/06/29 21:00:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/25 20:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/25 20:33:57 | 000,000,000 | ---D | M]

[2012/01/25 12:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loncarevic\AppData\Roaming\mozilla\Extensions
[2012/01/25 12:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loncarevic\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/29 23:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions
[2012/05/29 23:36:46 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/04/06 11:05:46 | 000,000,909 | ---- | M] () -- C:\Users\Loncarevic\AppData\Roaming\Mozilla\Firefox\Profiles\p2wmt99k.default\searchplugins\conduit.xml
[2012/06/25 20:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/06/15 00:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/25 20:33:22 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/06/26 02:16:16 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/15 00:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Loncarevic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.0.3370_0\
CHR - Extension: Safe Money = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.0.3370_0\
CHR - Extension: Virtual Keyboard = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.0.3370_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: uTorrentControl2 = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\
CHR - Extension: Gmail = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Loncarevic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.0.3370_0\

O1 HOSTS File: ([2011/01/17 21:39:52 | 000,000,853 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmi\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programmi\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Loncarevic\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6bd5a0a4-221e-11e0-8c6d-c44619b35837}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd5a0a4-221e-11e0-8c6d-c44619b35837}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 23:16:21 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Loncarevic\Desktop\OTL.exe
[2012/06/29 23:12:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Loncarevic\Desktop\aswMBR.exe
[2012/06/29 21:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security Technical Preview
[2012/06/29 21:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/29 21:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/06/29 20:59:52 | 000,640,344 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/29 20:59:52 | 000,085,336 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012/06/29 20:50:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/28 15:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2012/06/28 15:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BurnAware Free
[2012/06/28 14:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2012/06/28 14:43:21 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\Documents\My ISO Files
[2012/06/28 14:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2012/06/27 15:17:35 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\Desktop\burn
[2012/06/27 15:11:53 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Loncarevic\AppData\Roaming\pcouffin.sys
[2012/06/27 15:11:52 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\Documents\PcSetup
[2012/06/27 15:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vso
[2012/06/27 15:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSORAW
[2012/06/27 15:11:43 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\SysWow64\vp7vfw.dll
[2012/06/27 15:11:42 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\AppData\Roaming\VSO
[2012/06/27 15:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\VSO
[2012/06/27 15:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2012/06/27 13:27:23 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\Desktop\IlijaBACKUP
[2012/06/27 13:23:21 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\Desktop\Nero Burning ROM 10.5.10300 + Key
[2012/06/26 18:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/26 18:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/06/26 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\AppData\Roaming\ImgBurn
[2012/06/26 18:16:24 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\Desktop\historia clinica
[2012/06/26 17:58:18 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\Desktop\Mac OS X 10.6.3 retail
[2012/06/26 17:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/06/26 17:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/06/26 02:17:08 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\AppData\Roaming\PowerISO
[2012/06/26 02:16:33 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\AppData\Local\AVG Secure Search
[2012/06/26 02:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/26 02:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/06/26 02:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/26 02:16:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/25 20:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/25 20:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/06/25 20:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/25 20:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/25 18:48:31 | 000,000,000 | R--D | C] -- C:\Users\Loncarevic\Dropbox
[2012/06/25 18:47:37 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\AppData\Roaming\Dropbox
[2012/06/17 12:46:46 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\AppData\Local\Macromedia
[2012/06/16 20:56:46 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\Desktop\emb, medicinas
[2012/06/16 18:46:03 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\Desktop\ZA CD
[2012/06/10 17:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85886016179A86228D54EA60145BE
[2012/06/07 20:53:41 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\AppData\Local\F4
[2012/06/07 20:52:37 | 000,000,000 | ---D | C] -- C:\Users\Loncarevic\AppData\Roaming\F4
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/29 23:16:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Loncarevic\Desktop\OTL.exe
[2012/06/29 23:16:08 | 000,000,512 | ---- | M] () -- C:\Users\Loncarevic\Desktop\MBR.dat
[2012/06/29 23:16:07 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 23:16:07 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 23:15:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/29 23:12:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Loncarevic\Desktop\aswMBR.exe
[2012/06/29 23:07:17 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/29 23:07:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/29 23:07:05 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 21:02:31 | 000,002,453 | ---- | M] () -- C:\Users\Loncarevic\Desktop\Safe Money.lnk
[2012/06/29 21:01:11 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security Technical Preview.lnk
[2012/06/29 20:16:52 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/29 09:18:43 | 000,000,271 | ---- | M] () -- C:\Users\Loncarevic\AppData\Roaming\burnaware.ini
[2012/06/27 15:11:53 | 000,099,384 | ---- | M] () -- C:\Users\Loncarevic\AppData\Roaming\inst.exe
[2012/06/27 15:11:53 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Loncarevic\AppData\Roaming\pcouffin.sys
[2012/06/27 15:11:53 | 000,007,859 | ---- | M] () -- C:\Users\Loncarevic\AppData\Roaming\pcouffin.cat
[2012/06/27 15:11:53 | 000,001,167 | ---- | M] () -- C:\Users\Loncarevic\AppData\Roaming\pcouffin.inf
[2012/06/26 02:35:00 | 001,693,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/26 02:35:00 | 000,757,662 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/06/26 02:35:00 | 000,678,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/26 02:35:00 | 000,157,144 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/06/26 02:35:00 | 000,131,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 23:04:15 | 001,126,886 | ---- | M] () -- C:\Users\Loncarevic\Desktop\escuela.zip
[2012/06/25 22:04:10 | 000,326,757 | ---- | M] () -- C:\Users\Loncarevic\Desktop\Ilijina potvrda da je redovan [2010].jpg
[2012/06/25 20:47:23 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/25 20:33:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/14 03:33:08 | 005,001,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/29 23:16:08 | 000,000,512 | ---- | C] () -- C:\Users\Loncarevic\Desktop\MBR.dat
[2012/06/29 21:02:31 | 000,002,453 | ---- | C] () -- C:\Users\Loncarevic\Desktop\Safe Money.lnk
[2012/06/29 21:01:29 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security Technical Preview.lnk
[2012/06/29 20:16:52 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/28 15:46:44 | 000,000,271 | ---- | C] () -- C:\Users\Loncarevic\AppData\Roaming\burnaware.ini
[2012/06/27 21:28:13 | 000,326,757 | ---- | C] () -- C:\Users\Loncarevic\Desktop\Ilijina potvrda da je redovan [2010].jpg
[2012/06/27 15:11:53 | 000,099,384 | ---- | C] () -- C:\Users\Loncarevic\AppData\Roaming\inst.exe
[2012/06/27 15:11:53 | 000,007,859 | ---- | C] () -- C:\Users\Loncarevic\AppData\Roaming\pcouffin.cat
[2012/06/27 15:11:53 | 000,001,167 | ---- | C] () -- C:\Users\Loncarevic\AppData\Roaming\pcouffin.inf
[2012/06/26 17:57:39 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/06/25 23:04:15 | 001,126,886 | ---- | C] () -- C:\Users\Loncarevic\Desktop\escuela.zip
[2012/06/25 20:43:48 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/25 20:43:48 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/13 13:42:57 | 000,199,132 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/11 18:19:20 | 000,000,098 | ---- | C] () -- C:\Users\Loncarevic\AppData\Local\fusioncache.dat
[2012/01/11 10:29:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}\@
[2012/01/11 10:29:05 | 000,002,048 | -HS- | C] () -- C:\Users\Loncarevic\AppData\Local\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}\@
[2011/12/03 17:54:52 | 000,217,017 | ---- | C] () -- C:\Users\Loncarevic\Ukrcani-kontejneri-na-palubi.jpg
[2011/12/03 17:54:52 | 000,177,595 | ---- | C] () -- C:\Users\Loncarevic\Riferi-i-kontejneri-na-palubi.jpg
[2011/12/03 17:54:52 | 000,142,783 | ---- | C] () -- C:\Users\Loncarevic\Mali-brodic-na-opasnom-mjestu.jpg
[2011/12/03 17:54:52 | 000,121,168 | ---- | C] () -- C:\Users\Loncarevic\Spremanje za manovru na pramcu.jpg
[2011/12/03 17:54:52 | 000,105,245 | ---- | C] () -- C:\Users\Loncarevic\Port-of-Felixtowe.jpg
[2011/12/03 17:54:52 | 000,052,921 | ---- | C] () -- C:\Users\Loncarevic\Fabrika-u-Felixtowe.jpg
[2011/10/04 11:21:33 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/09/10 19:41:25 | 000,051,270 | ---- | C] () -- C:\Users\Loncarevic\AppData\Roaming\room_v3.dat
[2011/08/14 21:04:17 | 000,009,216 | ---- | C] () -- C:\Users\Loncarevic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/04 22:12:25 | 000,000,602 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/06/19 03:48:47 | 000,000,171 | ---- | C] () -- C:\Windows\icecast2.ini
[2011/06/07 00:21:15 | 000,000,000 | ---- | C] () -- C:\Users\Loncarevic\AppData\Roaming\.NANotifyHere
[2011/05/03 16:54:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/19 15:51:29 | 000,107,371 | ---- | C] () -- C:\Users\Loncarevic\logo.png
[2011/02/09 21:25:49 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/02/09 21:14:24 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/01/19 21:19:33 | 000,000,132 | ---- | C] () -- C:\Users\Loncarevic\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/01/19 21:13:49 | 000,000,132 | ---- | C] () -- C:\Users\Loncarevic\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/18 17:06:24 | 000,001,456 | ---- | C] () -- C:\Users\Loncarevic\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/01/17 15:07:15 | 001,752,248 | -H-- | C] () -- C:\Users\Loncarevic\Photoshop_12_LS1.7z.part
[2011/01/17 12:12:26 | 008,108,427 | -H-- | C] () -- C:\Users\Loncarevic\MasterCollection_CS5_LS1.7z.part
[2011/01/16 22:04:16 | 001,661,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/13 00:11:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/12 22:27:34 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/07/12 22:27:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/12 22:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/12 22:27:33 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/12 22:27:32 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/07/12 22:27:25 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010/07/12 22:27:25 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2005/07/28 02:12:14 | 000,003,473 | -H-- | C] () -- C:\Users\Loncarevic\AppData\Roaming\Loncareviclog.dat

========== LOP Check ==========

[2011/09/21 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\Ableton
[2012/01/14 20:16:44 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\Autodesk
[2012/04/11 11:25:28 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\Azureus
[2011/08/20 03:16:23 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\Braid
[2012/05/27 17:23:15 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\BSplayer
[2011/07/19 14:07:07 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\BSplayer Pro
[2011/01/17 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\DAEMON Tools Pro
[2012/06/27 13:23:55 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\Dropbox
[2012/06/07 20:53:47 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\F4
[2011/03/28 23:38:50 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\FileZilla
[2012/06/26 18:18:51 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\ImgBurn
[2011/12/08 11:23:27 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\LolClient
[2012/04/15 02:51:59 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\Opera
[2012/06/26 02:17:08 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\PowerISO
[2011/01/19 18:03:09 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\SoftGrid Client
[2011/04/28 21:42:56 | 000,000,000 | RHSD | M] -- C:\Users\Loncarevic\AppData\Roaming\system32
[2012/01/25 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\Thunderbird
[2011/04/28 19:13:20 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\Tific
[2011/01/16 22:05:26 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\TP
[2012/06/27 13:23:31 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\uTorrent
[2012/06/27 23:15:34 | 000,000,000 | ---D | M] -- C:\Users\Loncarevic\AppData\Roaming\VSO
[2012/06/13 12:32:17 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >



In addition, here is the Extra.txt from OTL:

OTL Extras logfile created on: 29/06/2012 23:17:43 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Loncarevic\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Regno Unito | Language: ENG | Date Format: dd/MM/yyyy

3,86 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 56,40% Memory free
7,71 Gb Paging File | 5,56 Gb Available in Paging File | 72,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,46 Gb Total Space | 243,03 Gb Free Space | 53,71% Space Free | Partition Type: NTFS

Computer Name: LONCAREVIC-VAIO | User Name: Loncarevic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{687C26DE-9A70-B256-170A-717DFA8B360E}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E0156F98-8990-09B0-FCEC-1914C3281283}" = ccc-utility64
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Novation USB Audio Driver_is1" = Novation USB Audio Driver 1.9b1
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{01BA7349-0270-8D01-279E-0960D158B9B0}" = Catalyst Control Center Graphics Full Existing
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09BF3083-B76F-B5A0-2446-CDCA707F5918}" = CCC Help Russian
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D343C5F-FE5C-4914-91D9-E9E7A440590E}" = Windows Live Writer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F73537E-25F5-81B7-7CD8-517083B1F48D}" = CCC Help Chinese Traditional
"{16E107BF-24A3-28A5-91C9-556A0AA4875D}" = CCC Help Italian
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{1859BB19-EF0A-4196-9F48-569499FE7420}" = Raccolta foto di Windows Live
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{2105804E-14A1-1B5C-DF13-FB04C4059972}" = CCC Help Thai
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23CFDAC8-5CCE-1A02-581A-753B0A6BEEE1}" = CCC Help Spanish
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{275EA703-F9BD-0F41-F004-DB89011ED5A7}" = CCC Help Dutch
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B72AF5B-EC2D-25BD-2A38-5F3C0A727DA8}" = CCC Help Greek
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{3B887224-2336-0699-917A-B38B5B99A254}" = CCC Help French
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4F527211-4FDF-76EA-61A5-91EE3161980B}" = Catalyst Control Center Core Implementation
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security Technical Preview
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D279843-4635-85CA-9201-3BD9E179E749}" = CCC Help Chinese Standard
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = Supporto trasferimento VAIO
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B4E92B0-6691-E4A1-A86B-6600BD6972D4}" = CCC Help Turkish
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74B81E20-730A-F440-FB01-C7B3716CB80A}" = Catalyst Control Center Graphics Previews Common
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F38281-1BAC-80B3-D99E-AE11CE3A0924}" = Catalyst Control Center Graphics Full New
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D793D3E-C37E-4C1D-4ACF-D05878F5D480}" = CCC Help Japanese
"{7FC454AE-6857-215B-33FF-D50835C32EF9}" = CCC Help Danish
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F2DAC3B-E040-1B90-D882-EEF8033AA0A5}" = Catalyst Control Center Graphics Previews Vista
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{909AA7E1-95FD-4EF4-8819-5DEFA5900BC7}" = F4WebPlugin 0.2.20
"{919FBC0E-93A3-445A-2055-BCB23AED1641}" = Catalyst Control Center Localization All
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B05F6FC-AE16-488C-A822-F641ADC61B6A}_is1" = VSO CopyTo 5
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-A93000000001}" = Adobe Reader 9.3 - Italiano
"{B19E486A-59E8-5585-CB2F-4DCB1B230368}" = CCC Help Czech
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{B945DDC0-3213-4850-8B20-F2DA67FDFE9E}" = CCC Help Norwegian
"{BA1CA03B-8F13-12C6-BCE6-46C422B357AE}" = CCC Help German
"{BBF0B71F-F8F3-70FD-B558-7835894F40A5}" = CCC Help Portuguese
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = Manuale VAIO
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4CE65B8-23C1-A51B-6739-AE6686DD6C6D}" = CCC Help Korean
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D7F08B1C-A956-3A0A-E891-83173A2F73BA}" = Catalyst Control Center Graphics Light
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D30D77-E0E2-6B2F-3C7B-0D8C9A82C8DB}" = CCC Help English
"{DBE88A57-BD7B-E315-C07D-D203E514BB58}" = CCC Help Finnish
"{DD256151-9EAC-9D83-8D60-A475F092CF03}" = CCC Help Hungarian
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F572C0E3-90D1-CC46-C163-4C4E50D3C220}" = ccc-core-static
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F93A233E-59A6-CBD2-68D3-4446D710EDA5}" = CCC Help Polish
"{FB33CE0D-D26D-86C3-9BD5-F58631EAE3C2}" = CCC Help Swedish
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"AVG Secure Search" = AVG Security Toolbar
"BurnAware Free_is1" = BurnAware Free 4.9
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Google Chrome" = Google Chrome
"iCare Data Recovery_is1" = iCare Data Recovery 4.3
"ImgBurn" = ImgBurn
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security Technical Preview
"Live 8.0.1" = Live 8.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RealPlayer 15.0" = RealPlayer
"splashtop" = VAIO Quick Web Access
"The KMPlayer" = The KMPlayer (remove only)
"UltraISO_is1" = UltraISO Premium V9.52
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VAIO Help and Support" =
"VAIO screensaver" = VAIO screensaver
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/06/2012 18:08:35 | Computer Name = Loncarevic-VAIO | Source = SampleCollector | ID = 131331
Description = init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20:
Impossibile accedere al file. Il file è utilizzato da un altro processo.

Error - 19/06/2012 18:30:51 | Computer Name = Loncarevic-VAIO | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file
manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error - 21/06/2012 18:59:15 | Computer Name = Loncarevic-VAIO | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file
manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error - 24/06/2012 13:42:17 | Computer Name = Loncarevic-VAIO | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file
manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error - 25/06/2012 06:17:00 | Computer Name = Loncarevic-VAIO | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file
manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error - 25/06/2012 22:07:42 | Computer Name = Loncarevic-VAIO | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file
manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error - 27/06/2012 04:07:53 | Computer Name = Loncarevic-VAIO | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file
manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error - 28/06/2012 04:25:14 | Computer Name = Loncarevic-VAIO | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file
manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

Error - 28/06/2012 08:44:06 | Computer Name = Loncarevic-VAIO | Source = SideBySide | ID = 16842832
Description = Generazione del contesto di attivazione non riuscita per "C:\$Recycle.Bin\S-1-5-21-393099153-325227938-747565733-1001\$RCAJRHP.exe".
Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente
richiesta dall'applicazione è in conflitto con un'altra versione del componente
già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 29/06/2012 06:02:22 | Computer Name = Loncarevic-VAIO | Source = SideBySide | ID = 16842815
Description = Generazione del contesto di attivazione non riuscita per "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Errore nel file
manifesto o dei criteri "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll", riga 3. Il valore "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
dell'attributo "version" nell'elemento "assemblyIdentity" non è valido.

[ Media Center Events ]
Error - 24/01/2011 06:01:28 | Computer Name = Loncarevic-VAIO | Source = MCUpdate | ID = 0
Description = 11:01:28 - Errore di connessione a Internet. 11:01:28 - Impossibile
contattare il server..

Error - 24/01/2011 06:01:47 | Computer Name = Loncarevic-VAIO | Source = MCUpdate | ID = 0
Description = 11:01:34 - Errore di connessione a Internet. 11:01:34 - Impossibile
contattare il server..

Error - 24/01/2011 07:01:53 | Computer Name = Loncarevic-VAIO | Source = MCUpdate | ID = 0
Description = 12:01:53 - Errore di connessione a Internet. 12:01:53 - Impossibile
contattare il server..

Error - 24/01/2011 07:02:00 | Computer Name = Loncarevic-VAIO | Source = MCUpdate | ID = 0
Description = 12:01:58 - Errore di connessione a Internet. 12:01:58 - Impossibile
contattare il server..

[ System Events ]
Error - 29/06/2012 15:50:41 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7022
Description = Servizio Windows Update bloccato in partenza.

Error - 29/06/2012 16:09:06 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7023
Description = Servizio Pubblicazione risorse per individuazione terminato con l'errore:
%%-2147024891

Error - 29/06/2012 16:09:06 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7001
Description = Il servizio Provider Gruppo Home dipende dal servizio Pubblicazione
risorse per individuazione che non è stato avviato per il seguente errore: %%-2147024891

Error - 29/06/2012 17:07:15 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7003
Description = Il servizio Moduli di impostazione chiavi IPSec IKE e Auth-IP dipende
dal servizio BFE, che potrebbe non essere installato.

Error - 29/06/2012 17:07:16 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7023
Description = Servizio Pubblicazione risorse per individuazione terminato con l'errore:
%%-2147024891

Error - 29/06/2012 17:07:17 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7023
Description = Servizio Browser di computer terminato con l'errore: %%1060

Error - 29/06/2012 17:07:20 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7003
Description = Il servizio Agente criteri IPsec dipende dal servizio BFE, che potrebbe
non essere installato.

Error - 29/06/2012 17:08:21 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: luafv

Error - 29/06/2012 17:08:31 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7023
Description = Servizio Pubblicazione risorse per individuazione terminato con l'errore:
%%-2147024891

Error - 29/06/2012 17:08:31 | Computer Name = Loncarevic-VAIO | Source = Service Control Manager | ID = 7001
Description = Il servizio Provider Gruppo Home dipende dal servizio Pubblicazione
risorse per individuazione che non è stato avviato per il seguente errore: %%-2147024891


< End of report >




And here it's the aswMBR log, in case it helps...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-29 23:14:38
-----------------------------
23:14:38.037 OS Version: Windows x64 6.1.7600
23:14:38.037 Number of processors: 4 586 0x2505
23:14:38.041 ComputerName: LONCAREVIC-VAIO UserName: Loncarevic
23:14:39.658 Initialize success
23:14:53.914 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:14:53.918 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
23:14:53.971 Disk 0 MBR read successfully
23:14:53.974 Disk 0 MBR scan
23:14:53.976 Disk 0 Windows 7 default MBR code
23:14:53.990 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13514 MB offset 2048
23:14:54.004 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27678720
23:14:54.018 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463324 MB offset 27883520
23:14:54.199 Disk 0 scanning C:\Windows\system32\drivers
23:15:08.676 Service scanning
23:15:19.265 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
23:15:19.352 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
23:15:19.382 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
23:15:19.750 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
23:15:19.786 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
23:15:19.824 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
23:15:28.493 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:15:34.862 Modules scanning
23:15:34.875 Disk 0 trace - called modules:
23:15:34.901 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
23:15:34.910 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800639a790]
23:15:34.916 3 CLASSPNP.SYS[fffff88000e7743f] -> nt!IofCallDriver -> [0xfffffa80043232c0]
23:15:34.923 5 ACPI.sys[fffff88000f6b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004349050]
23:15:34.929 Scan finished successfully
23:16:08.117 Disk 0 MBR has been saved successfully to "C:\Users\Loncarevic\Desktop\MBR.dat"
23:16:08.126 The log file has been saved successfully to "C:\Users\Loncarevic\Desktop\aswMBR.txt"




Thanks a lot in advance!

Fidel

Edited by Fidel Castro, 30 June 2012 - 04:10 AM.

  • 0

Advertisements


#2
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello Fidel Castro and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.

Edited by WhiteHat, 29 June 2012 - 05:49 PM.

  • 0

#3
Fidel Castro

Fidel Castro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Alright, thanks a lot for the quick reply.

I have removed the [code=auto:0] tags which I've put because of privacy reasons but it's ok.

So, once you give me instructions should I follow them immediately or wait for an expert to approve those instructions and then go ahead with them?

Thanks a lot.

Fidel
  • 0

#4
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi Fidel Castro,

So, once you give me instructions should I follow them immediately or wait for an expert to approve those instructions and then go ahead with them?

You should follow immediately. :thumbsup:

# Step 1 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} -  C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} -  C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes\{EF9EFB30-5563-421F-89FB-1C5649C11705}: "URL" =  http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
    FF - prefs.js..browser.search.defaultthis.engineName: "MB2 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl:  "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=3&q={searchTerms}"
    [2012/05/29 23:36:46 | 000,000,000 | ---D | M] (uTorrentControl2  Community Toolbar) --  C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2011/04/06 11:05:46 | 000,000,909 | ---- | M] () --  C:\Users\Loncarevic\AppData\Roaming\Mozilla\Firefox\Profiles\p2wmt99k.default\searchplugins\conduit.xml
    
    :Files
    C:\Windows\Installer\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}
    C:\Users\Loncarevic\AppData\Local\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}
    ipconfig /flushdns /c
    
    :Commands
    [CREATERESTOREPOINT]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 2 #

Please download Farbar Service Scanner and run it on the computer.
Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

# Step 3 #

Logs I want see in your next reply:

  • OTL fix log
  • FSS.txt

  • 0

#5
Fidel Castro

Fidel Castro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Here is the OTL log file after fixing and rebooting the system.


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EF9EFB30-5563-421F-89FB-1C5649C11705}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF9EFB30-5563-421F-89FB-1C5649C11705}\ not found.
Prefs.js: "MB2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Loncarevic\AppData\Roaming\mozilla\Firefox\Profiles\p2wmt99k.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\Loncarevic\AppData\Roaming\Mozilla\Firefox\Profiles\p2wmt99k.default\searchplugins\conduit.xml moved successfully.
========== FILES ==========
C:\Windows\Installer\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}\U folder moved successfully.
C:\Windows\Installer\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}\L folder moved successfully.
C:\Windows\Installer\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f} folder moved successfully.
C:\Users\Loncarevic\AppData\Local\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}\U folder moved successfully.
C:\Users\Loncarevic\AppData\Local\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}\L folder moved successfully.
C:\Users\Loncarevic\AppData\Local\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f} folder moved successfully.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Loncarevic\Desktop\cmd.bat deleted successfully.
C:\Users\Loncarevic\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06302012_210629






And here it is the FSS log:


Farbar Service Scanner Version: 25-06-2012 01
Ran by Loncarevic (administrator) on 30-06-2012 at 21:14:35
Running from "C:\Users\Loncarevic\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 05:18] - [2011-12-28 05:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 09:48] - [2012-03-30 13:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 02:09] - [2009-07-14 03:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 01:36] - [2009-07-14 03:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 12:41] - [2012-04-24 07:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



PLEASE NOTE: After rebooting the system, Kaspersky gave the alert of malicious software once again.

Thanks,

Fidel
  • 0

#6
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Go to this website and download the pack Seven.zip:
http://www.smartestc...y-network-keys/

Extract the file using Winrar or 7-Zip

Run these reg files:
  • wscsvc.reg
  • bfe.reg
  • MpsSvc.reg

# Step 2 #
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Files
    Net Start mpsdrv /c
    Net Start MpsSvc /c
    Net Start bfe /c
    Net Start wscsvc /c
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 3 #

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.
  • 0

#7
Fidel Castro

Fidel Castro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
I'm sorry for the late reply but I've been busy last few days.

I also hope we will manage to fix this problem in the next few days because I will be leaving soon.


Anyways... here is the OTL report of moved files:



========== FILES ==========
< Net Start mpsdrv /c >
Avvio del servizio Driver di autorizzazione di Windows Firewall riuscito.
C:\Users\Loncarevic\Desktop\cmd.bat deleted successfully.
C:\Users\Loncarevic\Desktop\cmd.txt deleted successfully.
< Net Start MpsSvc /c >
C:\Users\Loncarevic\Desktop\cmd.bat deleted successfully.
C:\Users\Loncarevic\Desktop\cmd.txt deleted successfully.
< Net Start bfe /c >
C:\Users\Loncarevic\Desktop\cmd.bat deleted successfully.
C:\Users\Loncarevic\Desktop\cmd.txt deleted successfully.
< Net Start wscsvc /c >
C:\Users\Loncarevic\Desktop\cmd.bat deleted successfully.
C:\Users\Loncarevic\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 07052012_133743







And regarding the Rouge Killer, I did everything like you said but I didn't get the 'All RKreport.txt' file. Instead I got a separate report after each step taken in Rouge Killer.


Here is the FIRST ONE:


RogueKiller V7.6.2 [07/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Loncarevic [Admin rights]
Mode: Scan -- Date: 07/05/2012 13:44:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Loncarevic\AppData\Local\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI +++++
--- User ---
[MBR] 2eb8fcbfc0757f4ba6d498cc3c658695
[BSP] 48884e1b478496022e76d11615da4fef : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13514 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27678720 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27883520 | Size: 463324 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




Then the SECOND ONE:

RogueKiller V7.6.2 [07/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Loncarevic [Admin rights]
Mode: Remove -- Date: 07/05/2012 13:44:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Loncarevic\AppData\Local\{44b3a8b8-4a94-1a73-1fa3-a34d5e15605f}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI +++++
--- User ---
[MBR] 2eb8fcbfc0757f4ba6d498cc3c658695
[BSP] 48884e1b478496022e76d11615da4fef : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13514 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27678720 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27883520 | Size: 463324 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



And lastly, the THIRD ONE:

RogueKiller V7.6.2 [07/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Loncarevic [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/05/2012 13:50:00

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 16 / Fail 0
Start menu: Success 2 / Fail 0
User folder: Success 208 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 26 / Fail 0
My music: Success 10 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 225 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\IsoCdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt




Thanks a lot in advance.

Fidel
  • 0

#8
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Your antivirus still detect the Zero Access infection (Win64.ZAcess.b)?

Download the following three programmes to your desktop :

1. WiNTobootic
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 4GB
Run Wintoboot

Posted Image

Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

Posted Image

It will let you know when it is done
Then copy FRST to the same USB

Posted Image


Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this although yours will say windows 7. Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The Tool will start to run.
When the Tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#9
Fidel Castro

Fidel Castro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
NOTE: Yes, after rebooting Kaspersky warned me that the Win64.ZAcess.b is still there...

Anyway, here is the FRST.txt log file..


Scan result of Farbar Recovery Scan Tool Version: 05-07-2012 01
Ran by SYSTEM at 06-07-2012 00:30:12
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2040352 2010-05-31] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [212480 2010-05-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [snpstd3] C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [x]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [673136 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [600928 2010-05-31] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-06-20] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [296056 2012-06-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1104440 2012-06-25] ()
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\avp.exe" [218880 2012-05-31] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1090440 2012-06-27] (Spigot, Inc.)
HKU\Loncarevic\...\Run: [AdobeBridge] [x]
HKU\Loncarevic\...\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay [81264 2010-06-21] (Sony Corporation)
HKU\Loncarevic\...\Run: [Akamai NetSession Interface] "C:\Users\Loncarevic\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30208 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll [3417376 2012-05-29] ()
2 Application Updater; "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" [791488 2012-06-27] (Spigot, Inc.)
2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\avp.exe" -r [218880 2012-05-31] (Kaspersky Lab ZAO)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [624856 2012-05-17] (Pandora.TV)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-28] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-05-28] (Intel Corporation)
2 vToolbarUpdater11.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-25] ()

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [64344 2011-05-10] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [600920 2011-05-10] (AVAST Software)
3 automap; C:\Windows\System32\Drivers\automap.sys [11264 2009-10-16] (Novation Digital Music Systems Limited)
3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [163328 2010-05-06] (© Guillemot R&D, 2010. All rights reserved.)
3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [226304 2010-05-06] (© Guillemot R&D, 2010. All rights reserved.)
3 HDJMidi; C:\Windows\System32\Drivers\HDJMidi.sys [162304 2010-05-06] (© Guillemot R&D, 2010. All rights reserved.)
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [458544 2012-04-13] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [640344 2012-05-29] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [30000 2012-03-27] (Kaspersky Lab ZAO)
3 klkbdflt; C:\Windows\System32\Drivers\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [27992 2012-05-25] (Kaspersky Lab)
1 kltdi; C:\Windows\System32\Drivers\kltdi.sys [54064 2012-05-12] (Kaspersky Lab)
1 kneps; C:\Windows\System32\Drivers\kneps.sys [172888 2012-05-24] (Kaspersky Lab)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NvnUsbAudio; C:\Windows\System32\Drivers\NvnUsbAudio.sys [55296 2010-05-26] (Novation DMS Ltd.)
3 SNPSTD3; C:\Windows\System32\Drivers\SNPSTD3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-01-18] (Duplex Secure Ltd.)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2010-12-02] (Nokia)
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Classic\safedrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-05 14:14 - 2012-07-05 14:14 - 00000000 ____D C:\Users\Loncarevic\Desktop\Skripta ARPA
2012-07-05 14:12 - 2012-07-05 14:17 - 172855296 ____A C:\Users\Loncarevic\Desktop\RepairDiscWindows7-64-bit.iso
2012-07-05 14:11 - 2012-07-05 14:11 - 01432075 ____A C:\Users\Loncarevic\Desktop\FRST64.exe
2012-07-05 14:11 - 2012-07-05 14:11 - 00621056 ____A C:\Users\Loncarevic\Desktop\WiNToBootic.exe
2012-07-05 03:50 - 2012-07-05 03:50 - 00001118 ____A C:\Users\Loncarevic\Desktop\RKreport[3].txt
2012-07-05 03:44 - 2012-07-05 03:44 - 00001640 ____A C:\Users\Loncarevic\Desktop\RKreport[2].txt
2012-07-05 03:44 - 2012-07-05 03:44 - 00001555 ____A C:\Users\Loncarevic\Desktop\RKreport[1].txt
2012-07-05 03:43 - 2012-07-05 03:44 - 00000000 ____D C:\Users\Loncarevic\Desktop\RK_Quarantine
2012-07-05 03:42 - 2012-07-05 03:42 - 01557504 ____A C:\Users\Loncarevic\Desktop\RogueKiller.exe
2012-07-05 03:34 - 2012-07-05 03:35 - 00000000 ____D C:\Users\Loncarevic\Desktop\Seven
2012-07-05 03:34 - 2012-07-05 03:34 - 00014086 ____A C:\Users\Loncarevic\Desktop\Seven.zip
2012-07-05 03:34 - 2011-12-28 06:42 - 00003364 ____A C:\Users\Loncarevic\Desktop\mpssvc.reg
2012-07-05 03:34 - 2011-12-28 06:42 - 00001495 ____A C:\Users\Loncarevic\Desktop\bfe.reg
2012-07-05 03:34 - 2011-12-26 07:35 - 00002737 ____A C:\Users\Loncarevic\Desktop\wscsvc.reg
2012-07-02 13:18 - 2012-07-02 13:18 - 00285184 ____A C:\Users\Loncarevic\Desktop\ADULTOS__MODERNOS(1).pps
2012-07-02 12:28 - 2012-07-02 12:28 - 05765632 ____A C:\Users\Loncarevic\Desktop\Garganta_de_takachiho.pps
2012-07-01 02:37 - 2012-07-01 02:37 - 00055808 ____A C:\Users\Loncarevic\Desktop\ELVALORDEUNMARIDO.pps
2012-06-30 11:06 - 2012-06-30 11:06 - 00000000 ____D C:\_OTL
2012-06-30 03:40 - 2012-06-30 03:40 - 00000000 ____D C:\Program Files (x86)\FreeRIP Toolbar
2012-06-30 03:40 - 2012-06-30 03:40 - 00000000 ____D C:\Program Files (x86)\Application Updater
2012-06-30 03:39 - 2012-06-30 03:39 - 00000000 ____D C:\Program Files (x86)\FreeRIP3
2012-06-29 13:16 - 2012-06-29 13:16 - 00596992 ____A (OldTimer Tools) C:\Users\Loncarevic\Desktop\OTL.exe
2012-06-29 11:12 - 2012-06-29 11:12 - 00262144 ____A C:\Windows\System32\config\elam
2012-06-29 11:00 - 2012-07-05 14:01 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-06-29 11:00 - 2012-06-29 11:00 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2012-06-29 10:59 - 2012-05-29 05:55 - 00640344 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-06-29 10:59 - 2012-05-29 05:55 - 00085336 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2012-06-29 10:50 - 2012-06-29 10:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-28 05:46 - 2012-06-28 23:18 - 00000271 ____A C:\Users\Loncarevic\AppData\Roaming\burnaware.ini
2012-06-28 05:32 - 2012-06-28 05:32 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2012-06-28 04:43 - 2012-06-28 04:43 - 00000000 ____D C:\Users\Loncarevic\Documents\My ISO Files
2012-06-27 05:17 - 2012-06-27 05:17 - 00000000 ____D C:\Users\Loncarevic\Desktop\burn
2012-06-27 05:11 - 2012-06-27 13:15 - 00000000 ____D C:\Users\Loncarevic\AppData\Roaming\VSO
2012-06-27 05:11 - 2012-06-27 13:15 - 00000000 ____D C:\Users\All Users\VSO
2012-06-27 05:11 - 2012-06-27 05:11 - 00099384 ____A C:\Users\Loncarevic\AppData\Roaming\inst.exe
2012-06-27 05:11 - 2012-06-27 05:11 - 00082816 ____A (VSO Software) C:\Users\Loncarevic\AppData\Roaming\pcouffin.sys
2012-06-27 05:11 - 2012-06-27 05:11 - 00007859 ____A C:\Users\Loncarevic\AppData\Roaming\pcouffin.cat
2012-06-27 05:11 - 2012-06-27 05:11 - 00000055 ____A C:\Users\Loncarevic\AppData\Roaming\pcouffin.log
2012-06-27 05:11 - 2012-06-27 05:11 - 00000000 ____D C:\Users\Loncarevic\Documents\PcSetup
2012-06-27 05:11 - 2012-06-27 05:11 - 00000000 ____D C:\Program Files (x86)\VSORAW
2012-06-27 05:11 - 2012-06-27 05:11 - 00000000 ____D C:\Program Files (x86)\VSO
2012-06-27 05:11 - 2010-04-30 02:26 - 01184984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wvc1dmod.dll
2012-06-27 05:11 - 2010-04-30 02:26 - 00626688 ____A (On2.com) C:\Windows\SysWOW64\vp7vfw.dll
2012-06-27 05:11 - 2010-04-30 02:26 - 00217127 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\drv43260.dll
2012-06-27 05:11 - 2010-04-30 02:26 - 00208935 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\drv33260.dll
2012-06-27 05:11 - 2010-04-30 02:26 - 00176165 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\drv23260.dll
2012-06-27 05:11 - 2010-04-30 02:26 - 00102439 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\sipr3260.dll
2012-06-27 05:11 - 2010-04-30 02:26 - 00065602 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\cook3260.dll
2012-06-27 03:02 - 2012-06-27 03:23 - 00000000 ____D C:\Users\Loncarevic\Downloads\Nero Burning ROM 10.5.10300 + Key [RH]
2012-06-26 08:27 - 2012-06-26 08:27 - 00000000 ____D C:\Program Files\7-Zip
2012-06-26 08:18 - 2012-06-26 08:18 - 00000000 ____D C:\Users\Loncarevic\AppData\Roaming\ImgBurn
2012-06-26 07:57 - 2012-06-26 07:57 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2012-06-25 16:17 - 2012-06-25 16:17 - 00000000 ____D C:\Users\Loncarevic\AppData\Roaming\PowerISO
2012-06-25 16:16 - 2012-06-25 16:16 - 00000000 ____D C:\Users\Loncarevic\AppData\Local\AVG Secure Search
2012-06-25 16:16 - 2012-06-25 16:16 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-06-25 16:16 - 2012-06-25 16:16 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-06-25 13:04 - 2012-07-02 12:34 - 01126791 ____A C:\Users\Loncarevic\Desktop\escuela.zip
2012-06-25 10:47 - 2012-06-25 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-25 10:43 - 2012-06-25 10:47 - 00001045 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-25 10:29 - 2012-06-25 10:29 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-25 08:48 - 2012-06-26 17:32 - 00000000 ___RD C:\Users\Loncarevic\Dropbox
2012-06-25 08:47 - 2012-06-27 03:23 - 00000000 ____D C:\Users\Loncarevic\AppData\Roaming\Dropbox
2012-06-19 01:30 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-19 01:30 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-19 01:30 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-19 01:30 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-19 01:30 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-19 01:30 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-19 01:30 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-19 01:29 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-19 01:29 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-17 02:46 - 2012-06-17 02:46 - 00000000 ____D C:\Users\Loncarevic\AppData\Local\Macromedia
2012-06-13 17:02 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 17:02 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 17:02 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 17:02 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 17:02 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 17:02 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 17:02 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 17:02 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 17:02 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 17:02 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 17:02 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 17:02 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 17:02 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 17:02 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 17:02 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 17:02 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 17:02 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 17:02 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 17:02 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 17:02 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 17:02 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 17:02 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 17:02 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 17:02 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 17:02 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 17:02 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 17:02 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 17:02 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 02:41 - 2012-05-14 17:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 02:41 - 2012-05-04 02:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 02:41 - 2012-05-04 02:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 02:41 - 2012-05-04 02:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 02:41 - 2012-05-01 21:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 02:41 - 2012-04-27 19:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 02:41 - 2012-04-25 21:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 02:41 - 2012-04-25 21:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 02:41 - 2012-04-25 21:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 02:41 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 02:41 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 02:41 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 02:41 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 02:41 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 02:41 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 02:41 - 2012-04-07 04:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 02:41 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-10 07:15 - 2012-06-19 02:40 - 00000000 ____D C:\Users\All Users\B7E85886016179A86228D54EA60145BE
2012-06-07 10:53 - 2012-06-07 10:53 - 00000000 ____D C:\Users\Loncarevic\AppData\Local\F4
2012-06-07 10:52 - 2012-06-07 10:53 - 00000000 ____D C:\Users\Loncarevic\AppData\Roaming\F4


============ 3 Months Modified Files ========================

2012-07-05 14:24 - 2011-01-16 01:48 - 01174599 ____A C:\Windows\WindowsUpdate.log
2012-07-05 14:18 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-05 14:18 - 2009-07-13 20:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-05 14:17 - 2012-07-05 14:12 - 172855296 ____A C:\Users\Loncarevic\Desktop\RepairDiscWindows7-64-bit.iso
2012-07-05 14:16 - 2010-07-30 03:41 - 00757662 ____A C:\Windows\System32\perfh010.dat
2012-07-05 14:16 - 2010-07-30 03:41 - 00157144 ____A C:\Windows\System32\perfc010.dat
2012-07-05 14:16 - 2009-07-13 21:13 - 01693556 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-05 14:15 - 2010-07-29 18:06 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-05 14:11 - 2012-07-05 14:11 - 01432075 ____A C:\Users\Loncarevic\Desktop\FRST64.exe
2012-07-05 14:11 - 2012-07-05 14:11 - 00621056 ____A C:\Users\Loncarevic\Desktop\WiNToBootic.exe
2012-07-05 09:45 - 2010-07-29 18:06 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-05 03:50 - 2012-07-05 03:50 - 00001118 ____A C:\Users\Loncarevic\Desktop\RKreport[3].txt
2012-07-05 03:44 - 2012-07-05 03:44 - 00001640 ____A C:\Users\Loncarevic\Desktop\RKreport[2].txt
2012-07-05 03:44 - 2012-07-05 03:44 - 00001555 ____A C:\Users\Loncarevic\Desktop\RKreport[1].txt
2012-07-05 03:42 - 2012-07-05 03:42 - 01557504 ____A C:\Users\Loncarevic\Desktop\RogueKiller.exe
2012-07-05 03:40 - 2012-04-14 17:23 - 00021466 ____A C:\Windows\setupact.log
2012-07-05 03:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-05 03:34 - 2012-07-05 03:34 - 00014086 ____A C:\Users\Loncarevic\Desktop\Seven.zip
2012-07-02 13:18 - 2012-07-02 13:18 - 00285184 ____A C:\Users\Loncarevic\Desktop\ADULTOS__MODERNOS(1).pps
2012-07-02 12:34 - 2012-06-25 13:04 - 01126791 ____A C:\Users\Loncarevic\Desktop\escuela.zip
2012-07-02 12:28 - 2012-07-02 12:28 - 05765632 ____A C:\Users\Loncarevic\Desktop\Garganta_de_takachiho.pps
2012-07-01 02:37 - 2012-07-01 02:37 - 00055808 ____A C:\Users\Loncarevic\Desktop\ELVALORDEUNMARIDO.pps
2012-06-30 03:49 - 2011-08-04 12:12 - 00000898 ____A C:\Windows\cdplayer.ini
2012-06-30 03:40 - 2011-02-09 11:14 - 00001534 ____A C:\Users\All Users\ss.ini
2012-06-29 13:16 - 2012-06-29 13:16 - 00596992 ____A (OldTimer Tools) C:\Users\Loncarevic\Desktop\OTL.exe
2012-06-29 13:07 - 2010-07-29 17:45 - 01089812 ____A C:\Windows\PFRO.log
2012-06-29 11:39 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-29 11:12 - 2012-06-29 11:12 - 00262144 ____A C:\Windows\System32\config\elam
2012-06-28 23:18 - 2012-06-28 05:46 - 00000271 ____A C:\Users\Loncarevic\AppData\Roaming\burnaware.ini
2012-06-27 05:11 - 2012-06-27 05:11 - 00099384 ____A C:\Users\Loncarevic\AppData\Roaming\inst.exe
2012-06-27 05:11 - 2012-06-27 05:11 - 00082816 ____A (VSO Software) C:\Users\Loncarevic\AppData\Roaming\pcouffin.sys
2012-06-27 05:11 - 2012-06-27 05:11 - 00007859 ____A C:\Users\Loncarevic\AppData\Roaming\pcouffin.cat
2012-06-27 05:11 - 2012-06-27 05:11 - 00000055 ____A C:\Users\Loncarevic\AppData\Roaming\pcouffin.log
2012-06-25 10:47 - 2012-06-25 10:43 - 00001045 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-25 10:33 - 2012-01-24 02:36 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-25 10:33 - 2012-01-24 02:36 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-25 10:33 - 2012-01-24 02:36 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-25 10:33 - 2012-01-24 02:36 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-25 10:33 - 2010-07-29 18:07 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-25 10:33 - 2010-07-29 18:07 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-25 10:31 - 2012-04-12 17:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-25 10:31 - 2011-07-25 03:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-13 17:33 - 2009-07-13 20:45 - 05001744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 17:08 - 2011-08-23 16:42 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 02:32 - 2009-07-13 21:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-03 02:02 - 2012-06-02 15:52 - 1088454656 ____A C:\Users\Loncarevic\Downloads\lcv2f3met.iso
2012-06-02 15:04 - 2011-07-28 08:16 - 00079360 __ASH C:\Users\Loncarevic\Thumbs.db
2012-06-02 14:19 - 2012-06-19 01:30 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 01:30 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 01:30 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 01:30 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 01:30 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-19 01:30 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-19 01:30 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-19 01:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-19 01:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-29 05:55 - 2012-06-29 10:59 - 00640344 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-05-29 05:55 - 2012-06-29 10:59 - 00085336 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2012-05-25 09:38 - 2012-05-25 09:38 - 00029016 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klkbdflt.sys
2012-05-25 09:30 - 2012-05-25 09:30 - 00027992 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klmouflt.sys
2012-05-24 01:34 - 2012-05-24 01:34 - 00172888 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\kneps.sys
2012-05-17 18:47 - 2012-06-13 17:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 17:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 17:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 17:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 17:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 17:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 17:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 17:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 17:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 17:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 17:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 17:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 17:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 17:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 17:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 17:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 17:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 17:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 17:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 17:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 17:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 17:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 17:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 17:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 17:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 17:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 02:41 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 07:13 - 2012-05-12 07:13 - 00054064 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\kltdi.sys
2012-05-04 02:52 - 2012-06-13 02:41 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-13 02:41 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-13 02:41 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 21:32 - 2012-06-13 02:41 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:50 - 2012-06-13 02:41 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:34 - 2012-06-13 02:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-13 02:41 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-13 02:41 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:59 - 2012-06-13 02:41 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:59 - 2012-06-13 02:41 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:59 - 2012-06-13 02:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:47 - 2012-06-13 02:41 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:47 - 2012-06-13 02:41 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:47 - 2012-06-13 02:41 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-14 17:24 - 2011-01-16 01:50 - 00118392 ____A C:\Users\Loncarevic\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-14 17:23 - 2012-04-14 17:23 - 00000000 ____A C:\Windows\setuperr.log
2012-04-14 16:38 - 2012-04-14 16:38 - 00000040 ____A C:\Users\Public\Documents\_rgpl
2012-04-13 03:54 - 2012-04-13 03:54 - 00458544 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kl1.sys
2012-04-11 17:10 - 2009-07-13 18:34 - 00000510 ____A C:\Windows\win.ini


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3950.1 MB
Available physical RAM: 3311.11 MB
Total Pagefile: 3948.25 MB
Available Pagefile: 3306.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:452.46 GB) (Free:242.47 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:13.2 GB) (Free:0.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:3.68 GB) (Free:3.47 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3768 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 452 GB 13 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 13 GB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 452 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3764 MB 4096 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Removable 3764 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-28 00:23

======================= End Of Log ==========================


Thanks a lot,

Fidel

Edited by Fidel Castro, 05 July 2012 - 04:50 PM.

  • 0

#10
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.
  • 0

Advertisements


#11
Fidel Castro

Fidel Castro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
NOTE: When ComboFix finished I turned on the Kaspersky and rebooted the PC.. But Kaspersky warned me once again about the virus (Virus.Win64.ZAccess.b)..

By the way, here's the ComboFix.log file..


ComboFix 12-07-06.02 - Loncarevic 07/07/2012 2:15.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1040.18.3950.2334 [GMT 2:00]
Running from: c:\users\Loncarevic\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Loncarevic\AppData\Local\Microsoft\Windows\Temporary Internet Files\{58E163A3-653A-400B-A7DB-3B31A0AD3207}.xps
c:\users\Loncarevic\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7184DB58-DB26-4C8C-98E8-3663BD292C97}.xps
c:\users\Loncarevic\AppData\Roaming\Loncareviclog.dat
c:\users\Loncarevic\AppData\Roaming\system32
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 00:24 . 2012-07-07 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 08:30 . 2012-07-06 08:30 -------- d-----w- C:\FRST
2012-06-30 19:06 . 2012-06-30 19:06 -------- d-----w- C:\_OTL
2012-06-30 11:40 . 2012-06-30 11:40 -------- d-----w- c:\program files (x86)\FreeRIP Toolbar
2012-06-30 11:40 . 2012-06-30 11:40 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-06-30 11:40 . 2012-06-30 11:40 -------- d-----w- c:\program files (x86)\Application Updater
2012-06-30 11:39 . 2012-06-30 11:39 -------- d-----w- c:\program files (x86)\FreeRIP3
2012-06-29 19:00 . 2012-07-07 00:28 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-29 19:00 . 2012-06-29 19:00 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-29 18:59 . 2012-05-29 13:55 85336 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-06-29 18:50 . 2012-06-29 18:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 13:32 . 2012-06-28 13:32 -------- d-----w- c:\program files (x86)\BurnAware Free
2012-06-28 12:43 . 2012-06-28 12:43 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2012-06-27 13:11 . 2012-06-27 13:11 99384 ----a-w- c:\users\Loncarevic\AppData\Roaming\inst.exe
2012-06-27 13:11 . 2012-06-27 13:11 82816 ----a-w- c:\users\Loncarevic\AppData\Roaming\pcouffin.sys
2012-06-27 13:11 . 2010-04-30 10:26 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-06-27 13:11 . 2010-04-30 10:26 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-06-27 13:11 . 2010-04-30 10:26 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-06-27 13:11 . 2010-04-30 10:26 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-06-27 13:11 . 2010-04-30 10:26 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-06-27 13:11 . 2010-04-30 10:26 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll
2012-06-27 13:11 . 2010-04-30 10:26 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-06-27 13:11 . 2012-06-27 21:15 -------- d-----w- c:\users\Loncarevic\AppData\Roaming\VSO
2012-06-27 13:11 . 2012-06-27 21:15 -------- d-----w- c:\programdata\VSO
2012-06-27 13:11 . 2012-06-27 13:11 -------- d-----w- c:\program files (x86)\VSO
2012-06-26 16:27 . 2012-06-26 16:27 -------- d-----w- c:\program files\7-Zip
2012-06-26 16:18 . 2012-06-26 16:18 -------- d-----w- c:\users\Loncarevic\AppData\Roaming\ImgBurn
2012-06-26 15:57 . 2012-06-26 15:57 -------- d-----w- c:\program files (x86)\ImgBurn
2012-06-26 00:17 . 2012-06-26 00:17 -------- d-----w- c:\users\Loncarevic\AppData\Roaming\PowerISO
2012-06-26 00:16 . 2012-06-26 00:16 -------- d-----w- c:\users\Loncarevic\AppData\Local\AVG Secure Search
2012-06-26 00:16 . 2012-06-26 00:16 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-26 00:16 . 2012-06-26 00:16 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-26 00:16 . 2012-06-26 00:16 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-26 00:16 . 2012-06-26 00:16 -------- d-----w- c:\programdata\Common Files
2012-06-25 18:47 . 2012-06-25 18:47 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-25 18:47 . 2012-06-14 22:20 624608 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-25 18:47 . 2012-06-14 22:20 43488 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-25 18:47 . 2012-06-14 22:20 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-25 18:47 . 2012-06-14 22:20 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-25 18:47 . 2012-06-14 22:19 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-06-25 18:47 . 2012-06-14 22:19 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-06-25 18:47 . 2012-06-14 22:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-25 18:47 . 2012-06-14 22:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 18:33 . 2012-06-25 18:33 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-06-25 18:33 . 2012-06-25 18:33 129144 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-25 16:48 . 2012-06-27 01:32 -------- d-----r- c:\users\Loncarevic\Dropbox
2012-06-25 16:47 . 2012-06-27 11:23 -------- d-----w- c:\users\Loncarevic\AppData\Roaming\Dropbox
2012-06-19 09:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 09:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 09:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 09:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 09:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 09:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 09:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 09:29 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 09:29 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 10:46 . 2012-06-17 10:46 -------- d-----w- c:\users\Loncarevic\AppData\Local\Macromedia
2012-06-13 10:41 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-10 15:15 . 2012-06-19 10:40 -------- d-----w- c:\programdata\B7E85886016179A86228D54EA60145BE
2012-06-07 18:53 . 2012-06-07 18:53 -------- d-----w- c:\users\Loncarevic\AppData\Local\F4
2012-06-07 18:52 . 2012-06-07 18:53 -------- d-----w- c:\users\Loncarevic\AppData\Roaming\F4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 19:39 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-06-25 18:33 . 2010-07-30 02:07 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-25 18:33 . 2010-07-30 02:07 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-25 18:31 . 2012-04-13 01:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 18:31 . 2011-07-25 11:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-25 17:38 . 2012-05-25 17:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-05-25 17:30 . 2012-05-25 17:30 27992 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-05-24 09:34 . 2012-05-24 09:34 172888 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-05-12 15:13 . 2012-05-12 15:13 54064 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-04-13 11:54 . 2012-04-13 11:54 458544 ----a-w- c:\windows\system32\drivers\kl1.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
2012-05-31 16:56 744376 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-26 00:16 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
2012-05-31 16:57 398776 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\IEExt\OnlineBanking\online_banking_bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-26 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-06-22 81264]
"Akamai NetSession Interface"="c:\users\Loncarevic\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-08 98304]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-06-20 99696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2012-06-25 296056]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-26 1104440]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\avp.exe" [2012-05-31 218880]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-06-27 1090440]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
2;2 SampleCollector;VAIO Care Performance Service [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R3 automap;Automap MIDI Driver Service;c:\windows\system32\DRIVERS\automap.sys [2009-10-16 11264]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-05-06 163328]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-05-06 226304]
R3 HDJMidi;Hercules DJ Console Mk4 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-05-06 162304]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-28 158976]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-24 271872]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2010-05-26 55296]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-18 503352]
S1 aswSnx;aswSnx; [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-03-27 30000]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-05-12 54064]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-05-24 172888]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-24 202752]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-06-27 791488]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 64344]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-05-17 624856]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-26 935480]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-05-28 56344]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-05-25 27992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
S3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:06]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 02:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
2012-05-31 16:59 903096 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
2012-05-31 16:59 474040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\x64\IEExt\OnlineBanking\online_banking_bho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2010-05-31 212480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={12E786C6-3DAB-461B-A676-EBC6EE3AD3A9}&mid=74d9f6c0f13e47d08645150f5f57b1c4-eba08bf2593866159e96134e60471a6da210396d&lang=it&ds=st011&pr=sa&d=2012-06-26 02:16&v=11.1.0.7&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security Technical Preview\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Loncarevic\AppData\Roaming\Mozilla\Firefox\Profiles\p2wmt99k.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
SafeBoot-SolutoService
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{2C41B757-F5D0-44F9-A206-EEB9CD973927}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}\Service Center Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{4A818508-3355-4FBC-B302-D53B599DD9D5}\Traktor 2 Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files\Sony\VAIO Personalization Manager\VpmIfPav.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Completion time: 2012-07-07 02:34:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 00:34
.
Pre-Run: 282,413,072,384 byte disponibili
Post-Run: 283,237,285,888 byte disponibili
.
- - End Of File - - 216B9EA2111D02A0AD46B5C577E20BD2



Thanks,


Fidel
  • 0

#12
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

Please go to: VirusTotal
Posted Image
  • Click the Choose File button and search for the following file (one by one):

    c:\windows\system32\services.exe

  • Click Open > Scan It!.
  • Please be patient while the file is scanned.
  • Copy and past the Link (URL) with the results.

# Step 2 #

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    services.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#13
Fidel Castro

Fidel Castro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
I got stuck on the step one. My services.exe is hidden in VirusTotal window.. I can only see it from direct folder, but when I choose 'Choose file' I can only see services.msc... Can I make a shortcut on the desktop or copy it there and try it that way?

Thanks in advance,

Fidel
  • 0

#14
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi Fidel,

Go to step 2. :thumbsup:
  • 0

#15
Fidel Castro

Fidel Castro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Ok, here's the SystemLook.txt log ..

SystemLook 30.07.11 by jpshortstuff
Log created at 02:26 on 10/07/2012 by Loncarevic
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "services.exe"
C:\Windows\erdnt\cache64\services.exe	--a---- 328704 bytes	[00:32 07/07/2012]	[19:39 29/06/2012] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe	--a---- 328704 bytes	[23:19 13/07/2009]	[01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

Thanks,

Fidel

Edited by Fidel Castro, 09 July 2012 - 06:49 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP