Geeks to Go
Trojan Win64:Sirefef-A and Rootkit Win32:Sirefef-AO [Solved]


This topic is locked

#1 Pvv
New Member, 7 posts
Hello and thank you in advance for your help!

My Avast IS keeps blocking Trojan Win64:Sirefef-A and Rootkit Win32:Sirefef-AO every 5-10 minutes, and also keeps blocking some URL with a .cn address.
I tried running MBAM, which found and deleted the trojan, but it's still there. Full scans by Avast also didn't help.

Here is the log from OTL:

OTL logfile created on: 11.07.2012 16:55:30 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Valeriy\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000419 | Country: Russia | Language: RUS | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 46,46% Memory free
6,19 Gb Paging File | 4,29 Gb Available in Paging File | 69,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,91 Gb Total Space | 27,70 Gb Free Space | 9,52% Space Free | Partition Type: NTFS
Drive D: | 7,17 Gb Total Space | 0,00 Gb Free Space | 0,02% Space Free | Partition Type: NTFS

Computer Name: VALERIY | User Name: Valeriy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.10 22:31:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Valeriy\Downloads\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012.06.27 11:58:22 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.27 11:58:22 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.23 07:08:18 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.06.20 17:16:48 | 000,400,352 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.06.15 00:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.05.12 07:23:54 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011.11.18 03:39:10 | 000,105,472 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2011.10.19 01:33:48 | 000,640,264 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ABBYY Lingvo x5\LvAgent.exe
PRC - [2011.05.17 21:23:49 | 000,816,904 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe
PRC - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe
PRC - [2011.01.28 07:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe
PRC - [2011.01.06 09:04:56 | 000,181,192 | ---- | M] () -- C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe
PRC - [2010.01.24 23:00:00 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\Total Commander\Totalcmd.exe
PRC - [2009.07.21 21:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009.07.21 21:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.22 15:32:06 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.04.15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 15:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.02.20 21:10:12 | 000,619,832 | ---- | M] (Apple Inc.) -- C:\Program Files\DVD or CD Sharing\ODSAgent.exe
PRC - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
PRC - [2007.12.11 10:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.10 15:42:27 | 000,836,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\version.dll
MOD - [2012.06.23 07:08:18 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.20 17:16:52 | 001,977,312 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012.06.20 17:16:51 | 000,162,784 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.06.20 17:16:51 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.06.15 00:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.03.16 16:23:42 | 000,008,192 | ---- | M] () -- C:\Users\Valeriy\AppData\Roaming\Thunderbird\Profiles\pzfe9tkw.default\extensions\[email protected]\lib\tray_x86-msvc.dll
MOD - [2012.02.22 11:58:12 | 008,296,448 | ---- | M] () -- C:\Program Files\Daum\PotPlayer\ffcodec.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.06 09:04:56 | 000,181,192 | ---- | M] () -- C:\Program Files\Daum\PotPlayer\PotPlayerMini.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.Lingvo.Desktop.14.0)
SRV - [2012.07.08 07:54:08 | 000,116,720 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.27 11:58:22 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.23 07:08:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.05.17 21:23:49 | 000,816,904 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.Lingvo.Desktop.15.0)
SRV - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2009.07.21 21:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.04.11 08:27:31 | 002,092,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dfsr.exe -- (DFSR)
SRV - [2008.08.22 15:32:06 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.04.15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008.03.26 16:27:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.03.12 17:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2007.12.11 10:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [2009/04/03 20:21:53] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 18:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.07.03 18:21:52 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012.06.27 22:33:54 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012.06.27 11:58:24 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.18 19:19:24 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2011.09.21 17:18:53 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.03.22 02:25:30 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2010.09.02 23:36:25 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010.07.29 12:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.03.25 19:09:38 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.03.25 19:09:38 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.25 19:09:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.10.03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.21 21:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.06.26 21:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.10.24 15:31:42 | 000,009,216 | ---- | M] (SNEG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FStarForce.sys -- (FStarForce)
DRV - [2008.04.15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.01 13:14:10 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.27 10:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 10:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.26 16:28:08 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.07.11 08:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....60&pvid=6.2.1.5
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....60&pvid=6.2.1.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {576E3DB8-8BD3-47C9-A4C2-6A7A1A2C1127}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{576E3DB8-8BD3-47C9-A4C2-6A7A1A2C1127}: "URL" = http://www.google.ru...
IE - HKCU\..\SearchScopes\{F3EA7F57-D2E2-4F52-821E-09BF8DB8321C}: "URL" = http://ru.wikipedia....i/{searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.10 16:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.08 18:19:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 17:16:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.07.08 18:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Extensions
[2010.02.21 10:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.08 18:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Firefox\Profiles\d9g98dwa.default\extensions
[2012.07.08 18:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Firefox\Profiles\d9g98dwa.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}
[2012.07.09 18:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Firefox\Profiles\gxedmpxl.default\extensions
[2012.07.08 18:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.09 12:30:21 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\VALERIY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXEDMPXL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.07.08 18:46:56 | 000,018,786 | ---- | M] () (No name found) -- C:\USERS\VALERIY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXEDMPXL.DEFAULT\EXTENSIONS\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.XPI
[2012.06.15 00:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009.09.29 08:28:45 | 000,000,791 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files\ABBYY Lingvo x5\LvAgent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [DVD or CD Sharing] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm File not found
O8 - Extra context menu item: Send image to &Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fulltiltpoker.com ([cashier] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{885442AB-3279-4777-A836-29458CF34CE0}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0cfb0dfb-0d36-11e1-a802-be905bc9cd0f}\Shell - "" = AutoRun
O33 - MountPoints2\{0cfb0dfb-0d36-11e1-a802-be905bc9cd0f}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{0cfb0e3a-0d36-11e1-a802-e87ec9c227ee}\Shell - "" = AutoRun
O33 - MountPoints2\{0cfb0e3a-0d36-11e1-a802-e87ec9c227ee}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3366069a-bdbe-11df-a6db-89ccb1301e09}\Shell - "" = AutoRun
O33 - MountPoints2\{3366069a-bdbe-11df-a6db-89ccb1301e09}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9d1ef74f-fdb3-11dd-8a94-001e68d6d35a}\Shell - "" = AutoRun
O33 - MountPoints2\{9d1ef74f-fdb3-11dd-8a94-001e68d6d35a}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.10 16:15:19 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.10 16:15:19 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.10 16:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.07.10 16:15:18 | 000,113,776 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.07.10 16:13:46 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.10 16:13:46 | 000,202,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.07.10 16:13:46 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.10 16:13:46 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.10 16:13:46 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.07.10 16:12:54 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.07.10 16:12:52 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.07.10 15:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.07.10 14:59:16 | 000,018,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.07.10 14:57:43 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.10 14:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.07.10 14:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2012.07.10 14:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2012.07.10 13:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.09 13:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.07.09 13:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.07.08 18:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.07 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Valeriy\AppData\Roaming\Media Player Classic
[2012.06.26 20:27:39 | 000,000,000 | ---D | C] -- C:\Users\Valeriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
[2012.06.26 20:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\AP Tuner
[2012.06.23 08:56:34 | 000,000,000 | ---D | C] -- C:\Users\Valeriy\AppData\Local\Macromedia
[2012.06.17 10:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.17 10:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.17 10:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.17 09:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.17 09:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008.12.31 10:37:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Valeriy\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.11 16:51:17 | 000,151,456 | ---- | M] () -- C:\Users\Valeriy\Documents\TPV Virtual - Informe de Compra.pdf
[2012.07.11 15:19:23 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 15:19:23 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 07:19:40 | 000,673,354 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.11 07:19:32 | 000,673,354 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.11 07:19:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.11 07:18:43 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.10 22:38:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.10 16:15:19 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.07.10 16:13:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.07.09 12:59:02 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.07.08 18:19:03 | 000,000,870 | ---- | M] () -- C:\Users\Valeriy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.07.08 18:08:40 | 000,006,606 | ---- | M] () -- C:\Users\Valeriy\Documents\cc_20120708_180837.reg
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,202,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:53 | 000,018,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.07.03 18:21:52 | 000,113,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.06.27 22:33:54 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.06.27 11:58:24 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.23 22:05:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.17 16:33:49 | 000,704,000 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2012.06.17 16:33:49 | 000,635,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.17 16:33:49 | 000,147,146 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2012.06.17 16:33:49 | 000,119,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.17 10:09:23 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.13 16:35:16 | 000,446,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.11 16:51:15 | 000,151,456 | ---- | C] () -- C:\Users\Valeriy\Documents\TPV Virtual - Informe de Compra.pdf
[2012.07.10 16:34:41 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.10 16:15:19 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.07.09 12:28:42 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
[2012.07.08 18:19:02 | 000,000,870 | ---- | C] () -- C:\Users\Valeriy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.07.08 18:19:02 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.08 18:08:38 | 000,006,606 | ---- | C] () -- C:\Users\Valeriy\Documents\cc_20120708_180837.reg
[2012.06.17 10:09:23 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.17 14:40:03 | 000,000,000 | ---- | C] () -- C:\Windows\graphedt.INI
[2012.01.11 08:43:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2012.01.11 08:43:13 | 000,002,048 | -HS- | C] () -- C:\Users\Valeriy\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011.12.18 19:15:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.11.13 14:57:39 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2011.06.09 15:04:19 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.04.19 08:33:58 | 000,488,448 | ---- | C] () -- C:\Windows\System32\apdfprintmon.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.04 10:03:19 | 000,163,948 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.09 15:02:31 | 000,021,821 | ---- | C] () -- C:\Windows\cscmondump.bin
[2010.12.09 14:48:59 | 000,663,392 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.02.28 20:10:13 | 000,000,036 | ---- | C] () -- C:\Users\Valeriy\AppData\Local\housecall.guid.cache
[2010.02.17 19:12:03 | 000,000,045 | ---- | C] () -- C:\Users\Valeriy\AppData\Local\machpro.dat
[2010.01.20 10:09:44 | 000,000,164 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.10.11 12:37:25 | 000,005,104 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009.03.27 18:07:35 | 000,000,632 | RHS- | C] () -- C:\Users\Valeriy\ntuser.pol
[2009.03.27 16:46:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.24 17:43:18 | 000,007,808 | ---- | C] () -- C:\Users\Valeriy\AppData\Local\d3d9caps.dat
[2009.01.01 13:08:38 | 000,074,752 | ---- | C] () -- C:\Users\Valeriy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.31 10:56:59 | 000,001,057 | ---- | C] () -- C:\Users\Valeriy\AppData\Roaming\vso_ts_preview.xml
[2008.12.31 10:37:56 | 000,087,608 | ---- | C] () -- C:\Users\Valeriy\AppData\Roaming\inst.exe
[2008.12.31 10:37:56 | 000,007,887 | ---- | C] () -- C:\Users\Valeriy\AppData\Roaming\pcouffin.cat
[2008.12.31 10:37:56 | 000,001,144 | ---- | C] () -- C:\Users\Valeriy\AppData\Roaming\pcouffin.inf
[2008.12.27 22:32:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.09.14 23:46:08 | 000,673,354 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.14 23:46:08 | 000,673,354 | ---- | C] () -- C:\ProgramData\nvModes.001

========== LOP Check ==========

[2012.03.17 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Acronis
[2010.02.04 19:19:38 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\BITS
[2011.12.16 13:57:04 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\DAEMON Tools Lite
[2008.12.26 19:25:17 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\DigitalPersona
[2010.02.12 07:11:57 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\DMCache
[2011.12.18 19:58:30 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\EAC
[2009.03.31 14:30:20 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\ESET
[2012.07.09 22:38:54 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\foobar2000
[2011.03.28 09:31:43 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\HEM Data
[2012.05.12 15:40:16 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\HoldemManager
[2011.12.19 13:11:36 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\ImgBurn
[2011.07.23 13:33:00 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\InfraRecorder
[2011.12.17 13:06:08 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\IObit
[2010.02.25 15:24:21 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\KeePass
[2011.12.18 21:24:49 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\LEAPS
[2011.07.23 11:00:55 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Notepad++
[2010.05.12 16:10:55 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\OpenOffice.org
[2010.02.08 12:37:40 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\postgresql
[2012.06.21 13:27:03 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\PotPlayerMini
[2011.04.18 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\QuickScan
[2011.11.13 14:57:31 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Research In Motion
[2011.02.20 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Roaming
[2011.07.28 11:18:41 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Softland
[2011.06.09 09:16:38 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\SumatraPDF
[2011.11.21 13:32:07 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\TeamViewer
[2010.09.20 10:39:41 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Thinstall
[2010.02.21 10:09:15 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Thunderbird
[2011.04.18 19:48:27 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\UDC Profiles
[2010.10.19 07:24:36 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Uniblue
[2012.07.11 17:12:50 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\uTorrent
[2011.11.12 16:08:32 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Vodafone
[2012.04.15 09:41:05 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Vso
[2012.07.10 22:38:31 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6B9ADB51
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8CEFE51A

< End of report >

Thank you!
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's remove the annoyance for you.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Users\Valeriy\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
  • 0
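As a defender-side triage aid, here is an added example (not code from this thread, from OTL, or from Essexboy) that parses OTL file entries of the kind posted above and flags the pattern the :Files section of this fix removes: GUID-named folders directly under Windows\Installer or the user's AppData\Local, files named "@" or "*.@", and hidden+system files with no company name; it also lists the Alternate Data Streams section for review. The regexes describe OTL's line format as inferred from the log in this thread (an assumption, not OTL's documented grammar), the reason tags are my own, and the sample lines are copied from the log above.

```python
"""Parse OTL file entries and flag the pattern the fix in this thread removes.
Heuristics only: they mirror what this thread's fix targeted, not a verdict."""
import re
from dataclasses import dataclass, field

# One OTL file entry, e.g.
# [2012.01.11 08:43:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{guid}\@
# Directory entries (---D) carry no "(company)" part, so that group is optional.
OTL_FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
# @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ECF54A0E
OTL_ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# GUID-named folder directly under Windows\Installer or AppData\Local, the two
# locations the :Files section of the fix above deletes.
GUID_DIR_RE = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\",
    re.IGNORECASE,
)
STRONG_REASONS = ("guid-folder", "at-name")   # enough on their own to flag an entry


@dataclass
class OtlEntry:
    stamp: str
    size: int
    attrs: str          # R/H/S/D flags as OTL prints them, e.g. "-HS-"
    kind: str           # C = created, M = modified
    company: str        # empty when OTL printed "()" or nothing at all
    path: str
    reasons: list = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return any(r in STRONG_REASONS for r in self.reasons)


def parse_file_line(line: str):
    """Return an OtlEntry for a file/directory line, or None for anything else."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),   # "000,002,048" -> 2048
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def assess(entry: OtlEntry) -> OtlEntry:
    """Attach review reasons to an entry and return it."""
    name = entry.path.rsplit("\\", 1)[-1]
    if GUID_DIR_RE.search(entry.path + "\\"):
        entry.reasons.append("guid-folder")
    if name == "@" or name.endswith(".@"):
        entry.reasons.append("at-name")
    # Weak on its own: legitimate files such as C:\hiberfil.sys match too,
    # so this reason never flags an entry by itself.
    if "H" in entry.attrs and "S" in entry.attrs and "D" not in entry.attrs and not entry.company:
        entry.reasons.append("hidden-system-no-company")
    return entry


def review_log(text: str):
    """Return (flagged file entries, [(ads path, bytes)]) from an OTL report body."""
    flagged, streams = [], []
    for line in text.splitlines():
        entry = parse_file_line(line)
        if entry is not None:
            if assess(entry).flagged:
                flagged.append(entry)
            continue
        m = OTL_ADS_RE.match(line.strip())
        if m:
            streams.append((m["path"], int(m["size"])))
    return flagged, streams


# Sample lines copied from the OTL log posted above in this thread.
SAMPLE_LOG = r"""
[2012.07.09 12:28:42 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
[2012.07.10 16:34:41 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.11 08:43:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2012.01.11 08:43:13 | 000,002,048 | -HS- | C] () -- C:\Users\Valeriy\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2012.07.03 18:21:53 | 000,018,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ECF54A0E
"""

if __name__ == "__main__":
    hits, ads = review_log(SAMPLE_LOG)
    for e in hits:
        print(f"{e.stamp}  {e.attrs}  {e.size:>6}  {e.path}  <- {', '.join(e.reasons)}")
    for path, size in ads:
        print(f"ADS {size} bytes on {path}")
```

On the sample the three GUID-folder entries are flagged while hiberfil.sys is not, even though it is hidden+system with no company name; the ADS lines are listed for review, not judged.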

#3
Pvv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
For now there are no annoyances, thank you!

Here are the logs from OTL and ComboFix:

OTL logfile created on: 11.07.2012 19:59:33 - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Valeriy\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 58,98% Memory free
6,20 Gb Paging File | 4,94 Gb Available in Paging File | 79,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,91 Gb Total Space | 29,82 Gb Free Space | 10,25% Space Free | Partition Type: NTFS
Drive D: | 7,17 Gb Total Space | 0,00 Gb Free Space | 0,02% Space Free | Partition Type: NTFS

Computer Name: VALERIY | User Name: Valeriy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.10 22:31:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Valeriy\Downloads\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012.06.27 11:58:22 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.27 11:58:22 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.15 00:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.05.12 07:23:54 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011.11.18 03:39:10 | 000,105,472 | ---- | M] (Nike) -- C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
PRC - [2011.10.19 01:33:48 | 000,640,264 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ABBYY Lingvo x5\LvAgent.exe
PRC - [2011.05.17 21:23:49 | 000,816,904 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe
PRC - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe
PRC - [2011.01.28 07:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe
PRC - [2010.01.24 23:00:00 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\Total Commander\Totalcmd.exe
PRC - [2009.07.21 21:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009.07.21 21:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.22 15:32:06 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.04.15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 15:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.02.20 21:10:12 | 000,619,832 | ---- | M] (Apple Inc.) -- C:\Program Files\DVD or CD Sharing\ODSAgent.exe
PRC - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
PRC - [2007.12.11 10:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.10 15:42:27 | 000,836,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\version.dll
MOD - [2012.06.15 00:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.Lingvo.Desktop.14.0)
SRV - [2012.07.08 07:54:08 | 000,116,720 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 18:21:27 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.27 11:58:22 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.23 07:08:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.05.17 21:23:49 | 000,816,904 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.Lingvo.Desktop.15.0)
SRV - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2009.07.21 21:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.04.11 08:27:31 | 002,092,544 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\System32\dfsr.exe -- (DFSR)
SRV - [2008.08.22 15:32:06 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.04.15 15:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008.03.26 16:27:52 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.03.12 17:24:52 | 000,302,144 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008.02.12 22:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2007.12.11 10:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [2009/04/03 20:21:53] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.03 18:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.07.03 18:21:52 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012.06.27 22:33:54 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012.06.27 11:58:24 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.18 19:19:24 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2011.09.21 17:18:53 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.03.22 02:25:30 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2010.09.02 23:36:25 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010.07.29 12:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.03.25 19:09:38 | 000,113,664 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.03.25 19:09:38 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.25 19:09:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.10.03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.21 21:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.06.26 21:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.10.24 15:31:42 | 000,009,216 | ---- | M] (SNEG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FStarForce.sys -- (FStarForce)
DRV - [2008.04.15 12:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.01 13:14:10 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.27 10:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 10:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.03.26 16:28:08 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.24 15:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.07.11 08:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....60&pvid=6.2.1.5
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....60&pvid=6.2.1.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {576E3DB8-8BD3-47C9-A4C2-6A7A1A2C1127}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{576E3DB8-8BD3-47C9-A4C2-6A7A1A2C1127}: "URL" = http://www.google.ru...
IE - HKCU\..\SearchScopes\{F3EA7F57-D2E2-4F52-821E-09BF8DB8321C}: "URL" = http://ru.wikipedia....i/{searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.10 16:13:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.08 18:19:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 17:16:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.07.08 18:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Extensions
[2010.02.21 10:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.08 18:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Firefox\Profiles\d9g98dwa.default\extensions
[2012.07.08 18:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Firefox\Profiles\d9g98dwa.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}
[2012.07.09 18:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valeriy\AppData\Roaming\mozilla\Firefox\Profiles\gxedmpxl.default\extensions
[2012.07.08 18:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.07.09 12:30:21 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\VALERIY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXEDMPXL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.07.08 18:46:56 | 000,018,786 | ---- | M] () (No name found) -- C:\USERS\VALERIY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GXEDMPXL.DEFAULT\EXTENSIONS\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.XPI
[2012.06.15 00:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012.07.11 19:47:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files\ABBYY Lingvo x5\LvAgent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nike+ Connect] C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Общие DVD или CD] C:\Program Files\DVD or CD Sharing\ODSAgent.exe (Apple Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Добавить в Анти-Баннер - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm File not found
O8 - Extra context menu item: Отправить изображение на &устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Отправить страницу на &устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fulltiltpoker.com ([cashier] https in Надежные узлы)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{885442AB-3279-4777-A836-29458CF34CE0}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0cfb0dfb-0d36-11e1-a802-be905bc9cd0f}\Shell - "" = AutoRun
O33 - MountPoints2\{0cfb0dfb-0d36-11e1-a802-be905bc9cd0f}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{0cfb0e3a-0d36-11e1-a802-e87ec9c227ee}\Shell - "" = AutoRun
O33 - MountPoints2\{0cfb0e3a-0d36-11e1-a802-e87ec9c227ee}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3366069a-bdbe-11df-a6db-89ccb1301e09}\Shell - "" = AutoRun
O33 - MountPoints2\{3366069a-bdbe-11df-a6db-89ccb1301e09}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9d1ef74f-fdb3-11dd-8a94-001e68d6d35a}\Shell - "" = AutoRun
O33 - MountPoints2\{9d1ef74f-fdb3-11dd-8a94-001e68d6d35a}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.11 19:47:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.10 16:15:19 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.10 16:15:19 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.10 16:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.07.10 16:15:18 | 000,113,776 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.07.10 16:13:46 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.10 16:13:46 | 000,202,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.07.10 16:13:46 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.10 16:13:46 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.10 16:13:46 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.07.10 16:12:54 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.07.10 16:12:52 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.07.10 15:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.07.10 14:59:16 | 000,018,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.07.10 14:57:43 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.10 14:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.07.10 14:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puran Defrag
[2012.07.10 14:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2012.07.10 13:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.09 13:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.07.09 13:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.07.08 18:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.07.07 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Valeriy\AppData\Roaming\Media Player Classic
[2012.06.26 20:27:39 | 000,000,000 | ---D | C] -- C:\Users\Valeriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
[2012.06.26 20:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\AP Tuner
[2012.06.23 08:56:34 | 000,000,000 | ---D | C] -- C:\Users\Valeriy\AppData\Local\Macromedia
[2012.06.17 10:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.17 10:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.17 10:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.17 09:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.17 09:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008.12.31 10:37:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Valeriy\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012.07.11 20:00:34 | 004,576,462 | ---- | M] (Swearware) -- C:\Users\Valeriy\Desktop\ComboFix.exe
[2012.07.11 19:52:12 | 000,673,354 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.11 19:51:45 | 000,673,354 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.11 19:51:23 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 19:51:23 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 19:51:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.11 19:51:14 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.11 19:50:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.11 19:47:27 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.07.11 16:51:17 | 000,151,456 | ---- | M] () -- C:\Users\Valeriy\Documents\TPV Virtual - Informe de Compra.pdf
[2012.07.10 16:15:19 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.07.10 16:13:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.07.09 12:59:02 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.07.08 18:19:03 | 000,000,870 | ---- | M] () -- C:\Users\Valeriy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.07.08 18:08:40 | 000,006,606 | ---- | M] () -- C:\Users\Valeriy\Documents\cc_20120708_180837.reg
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,202,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:53 | 000,018,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012.07.03 18:21:52 | 000,113,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.06.27 22:33:54 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012.06.27 11:58:24 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.23 22:05:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.17 16:33:49 | 000,704,000 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2012.06.17 16:33:49 | 000,635,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.17 16:33:49 | 000,147,146 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2012.06.17 16:33:49 | 000,119,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.17 10:09:23 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.13 16:35:16 | 000,446,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.07.11 16:51:15 | 000,151,456 | ---- | C] () -- C:\Users\Valeriy\Documents\TPV Virtual - Informe de Compra.pdf
[2012.07.10 16:34:41 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.10 16:15:19 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012.07.08 18:19:02 | 000,000,870 | ---- | C] () -- C:\Users\Valeriy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.07.08 18:19:02 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.08 18:08:38 | 000,006,606 | ---- | C] () -- C:\Users\Valeriy\Documents\cc_20120708_180837.reg
[2012.06.17 10:09:23 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.17 14:40:03 | 000,000,000 | ---- | C] () -- C:\Windows\graphedt.INI
[2011.12.18 19:15:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.11.13 14:57:39 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2011.06.09 15:04:19 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.04.19 08:33:58 | 000,488,448 | ---- | C] () -- C:\Windows\System32\apdfprintmon.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.04 10:03:19 | 000,163,948 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.09 15:02:31 | 000,021,821 | ---- | C] () -- C:\Windows\cscmondump.bin
[2010.12.09 14:48:59 | 000,663,392 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.02.28 20:10:13 | 000,000,036 | ---- | C] () -- C:\Users\Valeriy\AppData\Local\housecall.guid.cache
[2010.02.17 19:12:03 | 000,000,045 | ---- | C] () -- C:\Users\Valeriy\AppData\Local\machpro.dat
[2010.01.20 10:09:44 | 000,000,164 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.10.11 12:37:25 | 000,005,104 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009.03.27 18:07:35 | 000,000,632 | RHS- | C] () -- C:\Users\Valeriy\ntuser.pol
[2009.03.27 16:46:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.24 17:43:18 | 000,007,808 | ---- | C] () -- C:\Users\Valeriy\AppData\Local\d3d9caps.dat
[2009.01.01 13:08:38 | 000,074,752 | ---- | C] () -- C:\Users\Valeriy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.31 10:56:59 | 000,001,057 | ---- | C] () -- C:\Users\Valeriy\AppData\Roaming\vso_ts_preview.xml
[2008.12.31 10:37:56 | 000,087,608 | ---- | C] () -- C:\Users\Valeriy\AppData\Roaming\inst.exe
[2008.12.31 10:37:56 | 000,007,887 | ---- | C] () -- C:\Users\Valeriy\AppData\Roaming\pcouffin.cat
[2008.12.31 10:37:56 | 000,001,144 | ---- | C] () -- C:\Users\Valeriy\AppData\Roaming\pcouffin.inf
[2008.12.27 22:32:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.09.14 23:46:08 | 000,673,354 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.14 23:46:08 | 000,673,354 | ---- | C] () -- C:\ProgramData\nvModes.001

========== LOP Check ==========

[2012.03.17 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Acronis
[2010.02.04 19:19:38 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\BITS
[2011.12.16 13:57:04 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\DAEMON Tools Lite
[2008.12.26 19:25:17 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\DigitalPersona
[2010.02.12 07:11:57 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\DMCache
[2011.12.18 19:58:30 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\EAC
[2009.03.31 14:30:20 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\ESET
[2012.07.09 22:38:54 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\foobar2000
[2011.03.28 09:31:43 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\HEM Data
[2012.05.12 15:40:16 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\HoldemManager
[2011.12.19 13:11:36 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\ImgBurn
[2011.07.23 13:33:00 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\InfraRecorder
[2011.12.17 13:06:08 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\IObit
[2010.02.25 15:24:21 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\KeePass
[2011.12.18 21:24:49 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\LEAPS
[2011.07.23 11:00:55 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Notepad++
[2010.05.12 16:10:55 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\OpenOffice.org
[2010.02.08 12:37:40 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\postgresql
[2012.06.21 13:27:03 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\PotPlayerMini
[2011.04.18 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\QuickScan
[2011.11.13 14:57:31 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Research In Motion
[2011.02.20 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Roaming
[2011.07.28 11:18:41 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Softland
[2011.06.09 09:16:38 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\SumatraPDF
[2011.11.21 13:32:07 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\TeamViewer
[2010.09.20 10:39:41 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Thinstall
[2010.02.21 10:09:15 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Thunderbird
[2011.04.18 19:48:27 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\UDC Profiles
[2010.10.19 07:24:36 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Uniblue
[2012.07.11 20:12:42 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\uTorrent
[2011.11.12 16:08:32 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Vodafone
[2012.04.15 09:41:05 | 000,000,000 | ---D | M] -- C:\Users\Valeriy\AppData\Roaming\Vso
[2012.07.11 19:50:06 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6B9ADB51
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8CEFE51A

< End of report >



ComboFix 12-07-11.03 - Valeriy 11.07.2012 20:42:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1251.7.1049.18.3068.1409 [GMT 2:00]
Running from: c:\users\Valeriy\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Valeriy\AppData\Roaming\Roaming
c:\users\Valeriy\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\windows\XSxS
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 18:55 . 2012-07-11 18:58 -------- d-----w- c:\users\Valeriy\AppData\Local\temp
2012-07-11 18:55 . 2012-07-11 18:55 -------- d-----w- c:\users\postgres.VALERIY\AppData\Local\temp
2012-07-11 18:55 . 2012-07-11 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 17:47 . 2012-07-11 17:47 -------- d-----w- C:\_OTL
2012-07-10 14:15 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-10 14:15 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-10 14:15 . 2012-07-03 16:21 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-07-10 14:13 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-10 14:13 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-10 14:13 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-10 14:13 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-10 14:13 . 2012-07-03 16:21 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-07-10 14:12 . 2012-06-27 20:33 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-07-10 14:12 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-10 13:37 . 2012-07-10 14:12 -------- d-----w- c:\program files\AVAST Software
2012-07-10 12:59 . 2012-07-03 16:21 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-10 12:57 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-10 12:56 . 2012-07-10 14:12 -------- d-----w- c:\programdata\AVAST Software
2012-07-10 12:34 . 2011-12-26 13:33 254464 ----a-w- c:\windows\system32\PuranDC.exe
2012-07-10 12:34 . 2011-12-26 11:51 216576 ----a-w- c:\windows\system32\PuranDefrag.dll
2012-07-10 12:34 . 2012-07-10 12:34 -------- d-----w- c:\program files\Puran Defrag
2012-07-10 12:34 . 2011-12-26 13:33 1133568 ----a-w- c:\windows\system32\PuranFD.exe
2012-07-10 12:34 . 2011-12-26 13:33 258048 ----a-w- c:\windows\system32\PuranDefragS.exe
2012-07-10 12:34 . 2011-12-26 13:33 107008 ----a-w- c:\windows\system32\PuranDefragBT.exe
2012-07-10 11:10 . 2012-07-10 11:10 -------- d-----w- c:\program files\ESET
2012-07-09 11:58 . 2012-07-10 12:51 -------- d-----w- c:\programdata\Norton
2012-07-07 13:05 . 2012-07-08 16:06 -------- d-----w- c:\users\Valeriy\AppData\Roaming\Media Player Classic
2012-07-07 05:15 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CFE55D7-5D42-4D76-9FF6-A26FAC65B9BF}\mpengine.dll
2012-06-26 18:27 . 2012-06-26 18:27 -------- d-----w- c:\program files\AP Tuner
2012-06-23 06:56 . 2012-06-23 06:56 -------- d-----w- c:\users\Valeriy\AppData\Local\Macromedia
2012-06-22 05:07 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 05:07 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 05:07 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 05:07 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 05:06 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 05:06 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 05:06 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 05:06 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 05:06 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 08:07 . 2012-06-17 08:07 -------- d-----w- c:\program files\iPod
2012-06-17 08:07 . 2012-06-17 08:09 -------- d-----w- c:\program files\iTunes
2012-06-17 07:51 . 2012-06-17 07:51 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin7.dll
2012-06-17 07:51 . 2012-06-17 07:51 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin6.dll
2012-06-17 07:51 . 2012-06-17 07:51 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin5.dll
2012-06-17 07:51 . 2012-06-17 07:51 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin4.dll
2012-06-17 07:51 . 2012-06-17 07:51 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin3.dll
2012-06-17 07:51 . 2012-06-17 07:51 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin2.dll
2012-06-17 07:51 . 2012-06-17 07:51 159744 ----a-w- c:\program files\Internet Explorer\Модули\npqtplugin.dll
2012-06-17 07:50 . 2012-06-17 07:51 -------- d-----w- c:\program files\QuickTime
2012-06-13 13:21 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 13:21 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 13:21 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 13:21 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 13:21 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 09:58 . 2010-12-09 09:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 05:08 . 2012-04-05 05:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 05:08 . 2011-05-21 09:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-20 04:52 . 2006-11-02 06:25 9008 ----a-w- c:\windows\system\ver.dll
2012-05-20 04:52 . 2006-11-02 06:25 9008 ----a-w- c:\windows\system32\ver.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-14 22:20 . 2012-07-08 16:19 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-05-12 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo x5\LvAgent.exe" [2011-10-18 640264]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2011-11-18 105472]
"Общие DVD или CD"="c:\program files\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-06-27 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2193580301-1822025039-2674426086-1001]
"EnableNotificationsRef"=dword:00000001
.
R2 ABBYY.Licensing.Lingvo.Desktop.14.0;Сервис лицензирования ABBYY Lingvo x3;c:\program files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 ABBYY.Licensing.Lingvo.Desktop.15.0;ABBYY Lingvo x5 Licencing Service;c:\program files\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 05:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.2.1.5
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.2.1.5
uInternet Settings,ProxyOverride = *.local
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Добавить в Анти-Баннер - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Отправить изображение на &устройство Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Отправить страницу на &устройство Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: fulltiltpoker.com\cashier
TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
FF - ProfilePath - c:\users\Valeriy\AppData\Roaming\Mozilla\Firefox\Profiles\gxedmpxl.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-11 20:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,27,52,b8,da,d4,0f,41,82,81,b1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,27,52,b8,da,d4,0f,41,82,81,b1,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b2
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(5980)
c:\program files\ABBYY Lingvo x5\LvHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
c:\windows\system32\Hpservice.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\afwServ.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\postgresql\bin\pg_ctl.exe
c:\windows\SMINST\BLService.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Total Commander\Totalcmd.exe
.
**************************************************************************
.
Completion time: 2012-07-11 21:08:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-11 19:07
.
Pre-Run: 25 100 140 544 байт свободно
Post-Run: 25 057 779 712 байт свободно
.
- - End Of File - - 1B8F22A873673D8FB03E7C7293E8A672


Thank you!
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Pretty, could you now update MBAM and run a quick scan, posting the resultant log.

Also, any outstanding problems?
  • 0

#5
Pvv

    New Member

  • Topic Starter
  • Member
  • 7 posts
Everything seems to be perfect, nothing unusual, thank you. However there are a bunch of new folders on my disc C, like: _OTL, boot, Combofix, Programdata, Qoobox, System.sav, can I delete them now?

Here is MBAM log:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Valeriy :: VALERIY [administrator]

Protection: Disabled

12.07.2012 16:35:09
mbam-log-2012-07-12 (16-35-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254699
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Thank you.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

However there are a bunch of new folders on my disc C, like: _OTL, boot, Combofix, Programdata, Qoobox, System.sav, can I delete them now?

Let me do that for you :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#7
Pvv

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello again!

Thank you a lot for the help everything is working great. However even after cleaning I have some new folders on C: which I don't remember to be there before: Boot, System.sav. Should they also be removed or I just didn't notice them before?

Thank you!
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
They are system files and should be hidden... Did you reset the

We will now confirm that your hidden files are set to that, as some of the tools I use will change that


  • 0

#9
Pvv

    New Member

  • Topic Starter
  • Member
  • 7 posts
Yes Sir, I just double checked it and both Total Commander and Windows Folder Properties are set not to show hidden files and folders.

Thank you!
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you go to Control Panel > Folder Options > View
and ensure that "hide system files", as indicated, is checked, as those are system files.


[attachment=58991:Capture.GIF]
  • 0
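For readers who want to verify the two Explorer settings discussed in posts #6 and #10 without clicking through Folder Options, here is an added PowerShell example. It is not part of the thread and not from OTL, ComboFix or any other tool used above. It reads the Explorer "Advanced" values that the Folder Options dialog writes (Hidden and ShowSuperHidden), resets them to the defaults Essexboy asks for, and wraps the "create a restore point" step from the SPRING CLEAN section in a function. Assumptions: Windows PowerShell 2.0 or later (Checkpoint-Computer does not exist in 1.0), and an elevated prompt for the restore point; the function names are my own.

```powershell
# Added example, not from the thread or its tools. Verifies and restores the Explorer
# hidden-file view discussed in posts #6 and #10, and creates a restore point as in the
# SPRING CLEAN step. Assumes Windows PowerShell 2.0+ and an elevated prompt for
# New-CleanRestorePoint. Function names are my own.

$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-ExplorerHiddenFileSettings {
    # Hidden:          1 = show hidden files and folders, 2 = do not show (thread's target state)
    # ShowSuperHidden: 1 = protected operating-system files (C:\Boot, System.sav, ...) visible,
    #                  0 = hidden, i.e. "Hide protected operating system files" is checked.
    # A missing ShowSuperHidden value reads as $null here, which counts as "not shown".
    $p = Get-ItemProperty -Path $advanced
    [pscustomobject]@{
        ShowHiddenFiles      = ($p.Hidden -eq 1)
        ShowProtectedOSFiles = ($p.ShowSuperHidden -eq 1)
    }
}

function Set-ExplorerHiddenFileSettings {
    # Restores the defaults the thread asks for: hidden files not shown, OS files hidden.
    Set-ItemProperty -Path $advanced -Name Hidden -Value 2 -Type DWord
    Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 0 -Type DWord
    # Explorer reads these values when a window is opened, so already-open windows keep
    # the old view until they are refreshed or Explorer is restarted.
}

function New-CleanRestorePoint {
    param([string]$Description = 'Clean')
    # Equivalent of System Protection > Create in post #6; requires an elevated prompt.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
}

# Report the current state, fix it only if something is visible that should not be,
# and report again so the change is visible in the console.
$before = Get-ExplorerHiddenFileSettings
if ($before.ShowHiddenFiles -or $before.ShowProtectedOSFiles) {
    Write-Host 'Hidden and/or protected OS files are currently visible; restoring the default view.'
    Set-ExplorerHiddenFileSettings
}
Get-ExplorerHiddenFileSettings | Format-List
```

Run the script as the user whose Explorer view is in question (the values live under HKCU, so an elevated prompt running as a different account would check the wrong hive), then call New-CleanRestorePoint from an elevated prompt before the Disk Cleanup step, since that step deletes all older restore points.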

#11
Pvv

    New Member

  • Topic Starter
  • Member
  • 7 posts
Yes, I just ensured that it is checked.

Thank you.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
They are legitimate so you can just leave them :)
  • 0

#13
Pvv

    New Member

  • Topic Starter
  • Member
  • 7 posts
Ok, thanks!
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
