RasMan keeps trying to run every 5 minutes, Windows freezing/crashing,


#1
mcs123

Hey all,

Sorry for making this a rather lengthy post, but I figured I should include a detailed description so it might spare you from having to ask certain questions later on.

I'm running XP Pro SP3, with the main security software being the Comodo Internet Security suite.

There have been strange things happening on my computer. In chronological order, this is how it went:

First, a few weeks ago, an unusual crash happened when I was not even installing/running programs. Monitor went into stand-by mode, computer became completely unresponsive. I forced a reboot from the power button.

It booted and worked like normal from what I remember, but a couple of days later I noticed from System Events Viewer that after it had encountered the crash, upon the next boot, there had been services running that hadn't before: RasMan and Telephony. Since then, they had run on each boot. I disabled them.

A day or so later, my computer started freezing up. It would happen suddenly, and at random times, regardless of whether there was internet connection or whether I was running programs. Each freeze resulted in me having to force a reboot.

Ran a Repair installation from the XP CD; it didn't help. Freezes still kept occurring. Soon after, Windows wouldn't even load anymore. My computer would get stuck at the loading screen, and this would happen when trying to run in safe mode also. Now even trying to reinstall Windows wasn't an option, as Windows installation would get stuck at the screen where it inspects the hard drive on which you wish to install the OS. It detected the drive size, but for everything else it displayed a value of 0 (device 0, port 0, etc).

The only way I got Windows to start was by choosing the 'Use last known good configuration' option, but I now have to do this every time I want to get it to work. I ran a checking software by the manufacturer of my HD and it detected no errors on the main drive. It detected errors on my secondary drive, however, and a third drive of mine could not even be detected by Windows or BIOS (this drive was giving me trouble a while before the first crash even came into the picture; Windows would not start if this drive was plugged in, so I had to take it out).

And before you speculate that the freezes are caused by a failing hard drive, I've tried running Windows with only the main drive plugged in (the one that passed the hard drive tests), and the freezes/booting problems have persisted.

Ran WinDiag for several hours with extensive tests and it found no errors.

I have run full scans with (up-to-date) Comodo Internet Security, Malwarebytes' Anti-Malware, TDSSKiller, HitmanPro, SuperAntiSpyWare, GMER, and Sophos Virus Removal Tool; none of them found anything severe.

I noticed that after doing the Repair installation, it has reset the settings for some of the services that I tweaked. For example, Telephony remained disabled as I had set it, but RasMan was now running again. It now tries to run precisely every 5 minutes, regardless of whether there is an internet connection, and I have no idea what application might be triggering it.

At one point, as I booted, I got an error message upon logging in: "SAS window: winlogon.exe - Corrupt folder or file: C:\$Mft is corrupt and unreadable. Please run the chkdsk tool." A few seconds later, Windows froze.

I ran chkdsk /r off the XP installation disc (I couldn't run it without it; when given the 'perform on boot?' option, I chose 'yes' but it never ran the scan no matter how many times I set it to do so), and it found errors and fixed them.

Now Windows runs without freezing (at least so far), but I still have to start it via 'Use last known good configuration', and RasMan still tries to run every 5 minutes.

Additionally, when checking system events viewer, I noticed that in addition to the winlogon.exe error entry, there was also an error entry that said the exact same thing, but for msnmsgr.exe.

There was also an error entry, under 'applications', that said: "The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 62 of \eventsystemobj.cpp Please contact Microsoft Product Support Services to report this error."

Strange thing is, I also saw this error entry on my other computer recently (perhaps I should include an OTL log from this computer also?). I suspected the blaster worm virus, but I've run full scans with all the aforementioned software, and they have picked up nothing.

There are also several error entries pertaining to disk errors etc. But this post is already lengthy enough as it is, so I'll post those later if requested.

Any ideas? Below are the OTL logs (am I supposed to post the 'extras' log also?).

(note: After running the repair installation, my SP3 was reverted back to SP2. I have not plugged it online to update, since I don't know if a trojan is behind some of this)

And thanks for your time.

----------------------------------------------------------------------

OTL logfile created on: 9.9.2012 5:24:48 - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Documents and Settings\tilapainen\Työpöytä
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1022,48 Mb Total Physical Memory | 445,16 Mb Available Physical Memory | 43,54% Memory free
2,40 Gb Paging File | 1,85 Gb Available in Paging File | 76,89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,34 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
Drive E: | 1,20 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: EMT-F8A04F66186 | User Name: tilapainen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.09 03:57:20 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tilapainen\Työpöytä\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.12 00:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012.03.12 00:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011.12.20 18:12:18 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.05.07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007.04.19 20:33:01 | 000,271,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2005.01.10 05:36:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004.09.15 15:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.19 21:59:43 | 000,068,424 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008.03.25 19:58:06 | 000,408,064 | ---- | M] () -- C:\Program Files\TrojanHunter 5.1\contmenu.dll
MOD - [2007.06.03 10:05:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2007.06.03 10:04:14 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2007.05.22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004.09.15 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\TILAPA~1\LOCALS~1\Temp\023832~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0238321285298521mcinstcleanup)
SRV - [2012.08.25 05:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.12 00:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011.12.20 18:12:18 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2009.12.01 20:43:02 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\boeyeo.sys -- (xmdyceh)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\naxd.sys -- (vvhlsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wkgtoqil.sys -- (vckvuqe)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\yvrmtas.sys -- (odwfflsn)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\vaui.sys -- (nyijmef)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\qaqbhki.sys -- (nffga)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TILAPA~1\LOCALS~1\Temp\WMV61.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xyvajgj.sys -- (fjifwwl)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ekayq.sys -- (dkltto)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\tmqrxcjw.sys -- (cybsetbg)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xvkuxmkv.sys -- (alum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.12 00:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.03.12 00:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.03.12 00:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012.03.12 00:13:43 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2011.12.01 05:11:26 | 000,303,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\tilapainen\Työpöytä\CCE\ccekrnl.dat -- (extywb)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.05.15 01:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010.05.15 01:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.05.15 01:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.05.15 01:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.04.09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.25 11:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.20 11:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.07.02 14:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.12 03:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008.02.09 04:40:41 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.02.05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.26 14:55:04 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2007.09.08 02:48:56 | 000,096,704 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007.08.16 17:26:12 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.08.16 17:26:10 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2005.11.04 11:14:22 | 000,033,408 | ---- | M] (IC Plus Corp. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipgdnd51.sys -- (ipgd)
DRV - [2005.01.11 20:17:04 | 002,306,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.09.15 15:00:00 | 000,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2004.09.10 12:15:00 | 000,007,680 | ---- | M] (ABIT Computer Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ABIT-IO.SYS -- (ABIT-IO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fi.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 E7 D3 6B 0A 7F CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: J:\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\tilapainen\Application Data\Octoshape\Octoshape Streaming Services\sua-0910050-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\tilapainen\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\tilapainen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 20:24:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.30 20:07:29 | 000,000,000 | ---D | M]

[2008.09.06 14:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Extensions
[2012.08.18 01:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions
[2008.01.26 22:37:43 | 000,000,000 | ---D | M] (chinup) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{28fe3db0-1945-11db-a98b-0800200c9a66}
[2012.03.30 15:59:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.08.15 22:19:56 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}
[2012.08.18 01:18:34 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\[email protected]
[2011.03.27 22:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\nostmp
[2012.08.17 01:17:51 | 002,282,511 | ---- | M] () (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\[email protected]
[2012.07.26 00:17:48 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.29 23:50:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.08.30 20:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007.07.18 12:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.08.25 05:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.12.22 17:11:24 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2012.02.18 22:17:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.25 05:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 05:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009.05.08 17:25:12 | 000,305,915 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10536 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\tilapainen\Työpöytä\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\tilapainen\Työpöytä\PartyPoker.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Luotettavat sivustot)
O15 - HKCU\..Trusted Domains: live.com ([]* in Luotettavat sivustot)
O15 - HKCU\..Trusted Domains: msn.com ([]* in Luotettavat sivustot)
O15 - HKCU\..Trusted Domains: passport.com ([]* in Luotettavat sivustot)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {59DBDDA6-9A80-42A4-B824-9BC50CC172F5} http://www.programch...m/dll/nixon.cab (Zenturi ConfigMgrEx Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} http://playple.com/v...ab/SLViewer.cab (SLViewer Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - No CLSID value found.
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.01 22:19:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5f6bccae-6306-11e0-973d-00508dd7c25c}\Shell - "" = AutoRun
O33 - MountPoints2\{5f6bccae-6306-11e0-973d-00508dd7c25c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{62ed048e-1f4d-11e1-98a5-00508dd7c25c}\Shell - "" = AutoRun
O33 - MountPoints2\{62ed048e-1f4d-11e1-98a5-00508dd7c25c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{74b0fc12-06ca-11e0-9676-00508dd7c25c}\Shell - "" = AutoRun
O33 - MountPoints2\{74b0fc12-06ca-11e0-9676-00508dd7c25c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{74b0fc18-06ca-11e0-9676-00508dd7c25c}\Shell - "" = AutoRun
O33 - MountPoints2\{74b0fc18-06ca-11e0-9676-00508dd7c25c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.09 05:23:39 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tilapainen\Työpöytä\OTL.exe
[2012.09.07 07:19:29 | 002,306,304 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2012.09.07 00:25:16 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012.09.06 05:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\ProcessMonitor
[2012.09.06 05:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\apps
[2012.09.01 06:55:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.09.01 06:50:48 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012.09.01 06:50:48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012.09.01 06:50:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2012.09.01 06:50:46 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2012.09.01 06:50:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2012.09.01 06:50:44 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2012.09.01 06:50:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2012.09.01 06:50:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2012.09.01 06:50:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2012.09.01 06:50:43 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012.09.01 06:50:32 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2012.09.01 06:50:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012.09.01 06:50:28 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012.09.01 06:50:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2012.09.01 06:50:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012.09.01 06:50:27 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012.09.01 06:50:27 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012.09.01 06:50:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012.09.01 06:50:26 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012.09.01 06:50:26 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012.09.01 06:50:26 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012.09.01 06:50:23 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2012.09.01 06:50:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2012.09.01 06:50:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2012.09.01 06:50:21 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012.09.01 06:50:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2012.09.01 06:50:17 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2012.09.01 06:50:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2012.09.01 06:50:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012.09.01 06:50:17 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2012.09.01 06:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012.09.01 06:50:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2012.09.01 06:50:16 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2012.09.01 06:50:16 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2012.09.01 06:50:16 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2012.09.01 06:50:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2012.09.01 06:50:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012.09.01 06:50:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012.09.01 06:50:14 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012.09.01 06:50:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012.09.01 06:50:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012.09.01 06:50:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012.09.01 06:50:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012.09.01 06:50:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012.09.01 06:50:13 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012.09.01 06:50:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012.09.01 06:50:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012.09.01 06:50:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012.09.01 06:50:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012.09.01 06:50:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012.09.01 06:50:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012.09.01 06:50:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012.09.01 06:50:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012.09.01 06:50:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012.09.01 06:49:59 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012.09.01 06:49:59 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012.09.01 06:49:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012.09.01 06:49:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2012.09.01 06:49:55 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012.09.01 06:49:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012.09.01 06:49:52 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2012.09.01 06:49:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012.09.01 06:49:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012.09.01 06:49:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2012.09.01 06:49:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012.09.01 06:49:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012.09.01 06:49:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012.09.01 06:49:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012.09.01 06:49:46 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012.09.01 06:49:46 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012.09.01 06:49:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2012.09.01 06:49:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2012.09.01 06:49:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012.09.01 06:49:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2012.09.01 06:49:33 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2012.09.01 06:49:27 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2012.09.01 06:49:10 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012.09.01 06:49:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2012.09.01 06:49:09 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012.09.01 06:49:09 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2012.09.01 06:49:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2012.09.01 06:49:08 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2012.09.01 06:49:07 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012.09.01 06:49:06 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2012.09.01 06:49:06 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2012.09.01 06:49:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2012.09.01 06:49:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2012.09.01 06:49:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2012.09.01 06:49:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012.09.01 06:49:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012.09.01 06:49:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012.09.01 06:49:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012.09.01 06:49:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012.09.01 06:49:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012.09.01 06:49:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012.09.01 06:49:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012.09.01 06:49:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012.09.01 06:48:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012.09.01 06:48:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012.09.01 06:48:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012.09.01 06:48:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012.09.01 06:48:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012.09.01 06:48:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012.09.01 06:48:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012.09.01 06:48:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012.09.01 06:48:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012.09.01 06:48:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012.09.01 06:48:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012.09.01 06:48:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012.09.01 06:48:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012.09.01 06:48:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012.09.01 06:48:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012.09.01 06:48:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012.09.01 06:48:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012.09.01 06:48:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2012.09.01 06:48:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012.09.01 06:48:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012.09.01 06:48:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2012.09.01 06:48:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2012.09.01 06:48:51 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2012.09.01 06:48:50 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2012.09.01 06:48:50 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2012.09.01 06:48:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2012.09.01 06:48:44 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2012.09.01 06:48:44 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2012.09.01 06:48:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2012.09.01 06:48:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2012.09.01 06:48:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2012.09.01 06:48:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2012.09.01 06:48:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2012.09.01 06:48:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2012.09.01 06:48:25 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012.09.01 06:48:24 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2012.09.01 06:48:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2012.09.01 06:48:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2012.09.01 06:48:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2012.09.01 06:48:20 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2012.09.01 06:48:19 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2012.09.01 06:48:18 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2012.09.01 06:48:18 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2012.09.01 06:48:18 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2012.09.01 06:48:18 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2012.09.01 06:48:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2012.09.01 06:48:18 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2012.09.01 06:48:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012.09.01 06:48:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2012.09.01 06:48:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2012.09.01 06:48:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012.09.01 06:48:17 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2012.09.01 06:48:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2012.09.01 06:48:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2012.09.01 06:48:17 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2012.09.01 06:48:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2012.09.01 06:48:16 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2012.09.01 06:48:16 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2012.09.01 06:48:16 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2012.09.01 06:48:16 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012.09.01 06:48:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012.09.01 06:48:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2012.09.01 06:48:15 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2012.09.01 06:48:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2012.09.01 06:48:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2012.09.01 06:48:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012.09.01 06:48:14 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2012.09.01 06:48:14 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2012.09.01 06:48:13 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012.09.01 06:48:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012.09.01 06:48:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2012.09.01 06:48:11 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2012.09.01 06:48:11 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2012.09.01 06:48:11 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012.09.01 06:48:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2012.09.01 06:48:10 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012.09.01 06:48:10 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012.09.01 06:48:10 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012.09.01 06:48:00 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2012.09.01 06:47:58 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2012.09.01 06:47:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2012.09.01 06:47:58 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012.09.01 06:47:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2012.09.01 06:47:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2012.09.01 06:47:54 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012.09.01 06:47:54 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012.09.01 06:47:54 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012.09.01 06:47:53 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012.09.01 06:47:53 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012.09.01 06:47:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012.09.01 06:47:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012.09.01 06:47:52 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012.09.01 06:47:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012.09.01 06:47:50 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012.09.01 06:47:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012.09.01 06:47:40 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2012.09.01 06:47:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2012.09.01 06:47:28 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2012.09.01 06:47:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2012.09.01 06:47:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2012.09.01 06:47:27 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2012.09.01 06:47:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2012.09.01 06:47:27 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012.09.01 06:47:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2012.09.01 06:47:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2012.09.01 06:47:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012.09.01 06:47:16 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2012.09.01 06:47:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2012.09.01 06:47:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2012.09.01 06:47:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2012.09.01 06:47:10 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2012.09.01 06:47:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2012.09.01 06:47:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2012.09.01 06:47:08 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2012.09.01 06:47:08 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2012.09.01 06:47:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2012.09.01 06:47:01 | 000,832,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2012.09.01 06:47:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2012.09.01 06:47:01 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2012.09.01 06:47:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2012.09.01 06:47:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2012.09.01 06:47:00 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2012.09.01 06:47:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2012.09.01 06:47:00 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2012.09.01 06:47:00 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2012.09.01 06:47:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2012.09.01 06:47:00 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2012.09.01 06:47:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2012.09.01 06:46:59 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2012.09.01 06:46:59 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2012.09.01 06:46:59 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2012.09.01 06:46:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2012.09.01 06:46:58 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2012.09.01 06:46:58 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2012.09.01 06:46:58 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2012.09.01 06:46:58 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2012.09.01 06:46:58 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2012.09.01 06:46:57 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2012.09.01 06:46:57 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2012.09.01 06:46:57 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2012.09.01 06:46:57 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2012.09.01 06:46:57 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2012.09.01 06:46:57 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2012.09.01 06:46:57 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2012.09.01 06:46:56 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2012.09.01 06:46:55 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2012.09.01 06:46:55 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2012.09.01 06:46:55 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2012.09.01 06:46:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2012.09.01 06:46:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2012.09.01 06:46:54 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2012.09.01 06:46:54 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2012.09.01 06:46:54 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2012.09.01 06:46:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2012.09.01 06:46:53 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2012.09.01 06:46:52 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2012.09.01 06:44:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012.09.01 06:25:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012.09.01 06:25:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012.09.01 06:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012.09.01 06:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012.09.01 01:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\test
[2012.09.01 00:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\HitmanPro
[2012.09.01 00:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.09.01 00:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2012.08.31 22:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Application Data\SUPERAntiSpyware.com
[2012.08.31 22:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2012.08.31 22:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.08.31 22:23:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.08.31 21:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012.08.31 21:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Seagate
[2012.08.31 21:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012.08.31 21:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\Autoruns
[2012.08.31 21:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.08.31 20:59:23 | 050,449,456 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\dotNetFx40_Full_x86_x64.exe
[2012.08.31 20:51:55 | 007,758,424 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\tilapainen\Työpöytä\HitmanPro36.exe
[2012.08.31 20:51:10 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tilapainen\Työpöytä\tdsskiller.exe
[2012.08.31 20:50:53 | 019,519,528 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpyware.exe
[2012.08.31 20:50:45 | 019,519,728 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpywarePro.exe
[2012.08.31 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\CrystalDiskInfo
[2012.08.31 15:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012.08.31 15:15:04 | 003,103,776 | ---- | C] (Crystal Dew World ) -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo5_0_3Shizuku-en.exe
[2012.08.31 15:14:59 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.08.30 20:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Application Data\Malwarebytes
[2012.08.30 20:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Malwarebytes' Anti-Malware
[2012.08.30 20:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012.08.30 20:38:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.30 20:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.30 20:29:31 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-setup-1.62.0.1300.exe
[2012.08.30 20:29:31 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-clean-1.60.2.0003.exe
[2012.08.30 19:54:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tilapainen\Käynnistä-valikko\Ohjelmat\Valvontatyökalut
[2012.08.30 19:54:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.08.30 19:54:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tilapainen\Recent
[2012.08.30 07:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.08.29 23:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Omat tiedostot
[2012.08.29 23:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\Downloads
[2012.08.15 00:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[132 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.09 03:57:20 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tilapainen\Työpöytä\OTL.exe
[2012.09.09 02:07:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.09 02:07:01 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012.09.07 09:59:30 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.07 08:55:36 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 06:40:01 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 86a31f33-2771-40e0-bf19-220dfd227e8c.job
[2012.09.06 07:35:58 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SeaTools for Windows.lnk
[2012.09.05 23:32:21 | 005,836,954 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\AutoRuns log.arn
[2012.09.03 22:32:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\ws8rc1kx.exe
[2012.09.01 06:59:07 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\tilapainen\Application Data\Microsoft\Internet Explorer\Quick Launch\Käynnistä Internet Explorer -selain.lnk
[2012.09.01 06:58:56 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012.09.01 06:57:12 | 000,496,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.01 06:57:12 | 000,472,338 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat
[2012.09.01 06:57:12 | 000,102,616 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat
[2012.09.01 06:57:12 | 000,085,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.01 06:54:57 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.09.01 06:52:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012.09.01 06:46:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.09.01 06:46:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.09.01 06:46:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.09.01 06:46:07 | 000,004,381 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012.09.01 06:42:45 | 000,022,736 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.09.01 06:40:21 | 000,000,222 | -HS- | M] () -- C:\boot.ini
[2012.09.01 05:29:41 | 000,054,949 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2012.09.01 02:32:20 | 000,000,000 | ---- | M] () -- C:\WindowsLiveMessenger-uccapi-0.uccapilog
[2012.09.01 00:59:31 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\HitmanPro.lnk
[2012.08.31 22:39:05 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SUPERAntiSpyware Professional.lnk
[2012.08.31 21:07:09 | 000,537,139 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\Autoruns.zip
[2012.08.31 21:00:05 | 050,449,456 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\dotNetFx40_Full_x86_x64.exe
[2012.08.31 20:52:01 | 007,758,424 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\tilapainen\Työpöytä\HitmanPro36.exe
[2012.08.31 20:51:29 | 019,519,528 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpyware.exe
[2012.08.31 20:51:23 | 019,519,728 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpywarePro.exe
[2012.08.31 20:51:22 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tilapainen\Työpöytä\tdsskiller.exe
[2012.08.31 20:50:26 | 021,476,536 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\SeaToolsforWindowsSetup-1206.exe
[2012.08.31 20:49:51 | 000,130,247 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\bluescreenview_setup.exe
[2012.08.31 15:18:58 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo.lnk
[2012.08.31 15:15:29 | 003,103,776 | ---- | M] (Crystal Dew World ) -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo5_0_3Shizuku-en.exe
[2012.08.31 04:54:06 | 000,105,136 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\nimetön7.JPG
[2012.08.30 20:38:32 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\tilapainen\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.08.30 20:38:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\Malwarebytes Anti-Malware.lnk
[2012.08.30 20:27:06 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-setup-1.62.0.1300.exe
[2012.08.30 20:26:28 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-clean-1.60.2.0003.exe
[2012.08.30 20:24:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\Mozilla Firefox.lnk
[2012.08.26 03:28:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.08.15 17:57:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[132 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.05 23:32:16 | 005,836,954 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\AutoRuns log.arn
[2012.09.01 06:48:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012.09.01 06:48:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012.09.01 06:47:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012.09.01 06:25:28 | 001,014,139 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012.09.01 06:25:28 | 000,809,684 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012.09.01 06:25:28 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012.09.01 06:25:28 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012.09.01 06:25:28 | 000,102,826 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012.09.01 06:25:28 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012.09.01 06:25:28 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012.09.01 06:25:28 | 000,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012.09.01 06:25:28 | 000,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012.09.01 06:25:28 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012.09.01 06:25:28 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012.09.01 06:25:28 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012.09.01 06:25:28 | 000,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012.09.01 06:25:28 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012.09.01 06:25:27 | 001,895,804 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012.09.01 06:25:27 | 000,620,210 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012.09.01 05:14:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 86a31f33-2771-40e0-bf19-220dfd227e8c.job
[2012.09.01 02:23:17 | 000,000,000 | ---- | C] () -- C:\WindowsLiveMessenger-uccapi-0.uccapilog
[2012.09.01 00:59:31 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\HitmanPro.lnk
[2012.08.31 22:39:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SUPERAntiSpyware Professional.lnk
[2012.08.31 21:35:50 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SeaTools for Windows.lnk
[2012.08.31 21:07:00 | 000,537,139 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\Autoruns.zip
[2012.08.31 20:50:08 | 021,476,536 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\SeaToolsforWindowsSetup-1206.exe
[2012.08.31 20:49:46 | 000,130,247 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\bluescreenview_setup.exe
[2012.08.31 15:18:58 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo.lnk
[2012.08.31 00:58:44 | 000,054,949 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2012.08.30 20:38:32 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\tilapainen\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.08.30 20:38:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\Malwarebytes Anti-Malware.lnk
[2012.02.16 21:21:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.08 19:08:38 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2011.10.24 12:49:28 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011.07.13 07:20:04 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.07.11 22:47:08 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.07.11 22:46:57 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009.07.06 21:23:40 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\d3d9caps.dat
[2008.10.26 20:05:41 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\tilapainen\userprefs.prop
[2008.01.26 16:49:28 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.25 14:51:54 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2006.04.03 16:50:45 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29

< End of report >

Edited by mcs123, 08 September 2012 - 09:42 PM.



#2
RKinner

    Malware Expert

  • Expert
  • 19,904 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\TILAPA~1\LOCALS~1\Temp\023832~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -- (0238321285298521mcinstcleanup)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\boeyeo.sys -- (xmdyceh)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\naxd.sys -- (vvhlsb)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\wkgtoqil.sys -- (vckvuqe)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\yvrmtas.sys -- (odwfflsn)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\vaui.sys -- (nyijmef)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\qaqbhki.sys -- (nffga)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TILAPA~1\LOCALS~1\Temp\WMV61.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xyvajgj.sys -- (fjifwwl)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ekayq.sys -- (dkltto)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\tmqrxcjw.sys -- (cybsetbg)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xvkuxmkv.sys -- (alum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2011.12.01 05:11:26 | 000,303,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\tilapainen\Työpöytä\CCE\ccekrnl.dat -- (extywb)
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http_port: 8080
[2011.03.27 22:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\nostmp
[2012.08.17 01:17:51 | 002,282,511 | ---- | M] () (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\[email protected]
[2012.07.26 00:17:48 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.29 23:50:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2007.07.18 12:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.12.22 17:11:24 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2012.02.18 22:17:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\tilapainen\Työpöytä\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\tilapainen\Työpöytä\PartyPoker.lnk File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - No CLSID value found.
O33 - MountPoints2\{5f6bccae-6306-11e0-973d-00508dd7c25c}\Shell - "" = AutoRun
O33 - MountPoints2\{5f6bccae-6306-11e0-973d-00508dd7c25c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{62ed048e-1f4d-11e1-98a5-00508dd7c25c}\Shell - "" = AutoRun
O33 - MountPoints2\{62ed048e-1f4d-11e1-98a5-00508dd7c25c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{74b0fc12-06ca-11e0-9676-00508dd7c25c}\Shell - "" = AutoRun
O33 - MountPoints2\{74b0fc12-06ca-11e0-9676-00508dd7c25c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{74b0fc18-06ca-11e0-9676-00508dd7c25c}\Shell - "" = AutoRun
O33 - MountPoints2\{74b0fc18-06ca-11e0-9676-00508dd7c25c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29
O34 - HKLM BootExecute: (Partizan)

:files
C:\WINDOWS\Installer\{12d0253a-7c96-815c-11e0-3034bbd97cc0}
C:\Documents and Settings\kathryn\Local Settings\Application Data\{12d0253a-7c96-815c-11e0-3034bbd97cc0}\@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Documents and Settings\kathryn\Application Data\Xaafso
reg query HKLM\System\CurrentControlSet\Control\Session Manager /s /c


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.



If OTL hangs, try it again but first delete this line:

O34 - HKLM BootExecute: (Partizan)


Download aswMBR.exe ( 511KB ) to your desktop.
Double click aswMBR.exe.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (Accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click save log. Save it to your desktop and post it in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply.

ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
mcs123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thank you for the very prompt response, and apologies for my delayed one. I had trouble getting the PC to start.

OK, I did all the steps you recommended. However, a few problems:

1) OTL did not create a log when performing the fix (I tried a couple of times). I did another scan after that and saved the log from it, so I will be posting that.
2) Before running Combofix, I disabled my AV, but I forgot to disable a program called WinPatrol. As Combofix was finishing up and creating a report, WinPatrol popped up and warned of host file having been replaced with a new one. Hopefully this has not created an interference.
3) I could not use VEW, because it said it is not compatible with the language of my OS. So instead, I included some entries both from the system event viewer and application, and I tried to translate them from my native language to English.
4) OTL did indeed hang up at "O34 - HKLM BootExecute: (Partizan)", so I did the fix without it.

Logs are below.



OTL Log 1 (scanned right after the fix):

---------------------------------

OTL logfile created on: 9.9.2012 22:51:53 - Run 3
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Documents and Settings\tilapainen\Työpöytä\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1022,48 Mb Total Physical Memory | 476,46 Mb Available Physical Memory | 46,60% Memory free
2,40 Gb Paging File | 1,86 Gb Available in Paging File | 77,38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,30 Gb Free Space | 77,36% Space Free | Partition Type: NTFS

Computer Name: EMT-F8A04F66186 | User Name: tilapainen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.09 03:57:20 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tilapainen\Työpöytä\OTL\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.12 00:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012.03.12 00:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011.12.20 18:12:18 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.05.07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007.04.19 20:33:01 | 000,271,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2005.01.10 05:36:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004.09.15 15:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.09.15 15:00:00 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.19 21:59:43 | 000,068,424 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2007.06.03 10:05:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2007.06.03 10:04:14 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2004.09.15 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2012.08.25 05:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.12 00:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011.12.20 18:12:18 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2009.12.01 20:43:02 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\TILAPA~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.12 00:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.03.12 00:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.03.12 00:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012.03.12 00:13:43 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.05.15 01:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010.05.15 01:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.05.15 01:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.05.15 01:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.04.09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.25 11:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.20 11:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.07.02 14:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.12 03:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008.02.09 04:40:41 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.02.05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.26 14:55:04 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2007.09.08 02:48:56 | 000,096,704 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007.08.16 17:26:12 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.08.16 17:26:10 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2005.11.04 11:14:22 | 000,033,408 | ---- | M] (IC Plus Corp. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipgdnd51.sys -- (ipgd)
DRV - [2005.01.11 20:17:04 | 002,306,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.09.15 15:00:00 | 000,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2004.09.10 12:15:00 | 000,007,680 | ---- | M] (ABIT Computer Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ABIT-IO.SYS -- (ABIT-IO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fi.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 E7 D3 6B 0A 7F CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20101009
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: J:\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\tilapainen\Application Data\Octoshape\Octoshape Streaming Services\sua-0910050-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\tilapainen\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\tilapainen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 20:24:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 21:05:11 | 000,000,000 | ---D | M]

[2008.09.06 14:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Extensions
[2012.09.09 21:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions
[2008.01.26 22:37:43 | 000,000,000 | ---D | M] (chinup) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{28fe3db0-1945-11db-a98b-0800200c9a66}
[2012.03.30 15:59:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.08.15 22:19:56 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}
[2012.08.18 01:18:34 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\[email protected]
[2012.09.09 21:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TILAPAINEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\22U9JTKO.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.08.25 05:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 05:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 05:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009.05.08 17:25:12 | 000,305,915 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10536 more lines...
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Luotettavat sivustot)
O15 - HKCU\..Trusted Domains: live.com ([]* in Luotettavat sivustot)
O15 - HKCU\..Trusted Domains: msn.com ([]* in Luotettavat sivustot)
O15 - HKCU\..Trusted Domains: passport.com ([]* in Luotettavat sivustot)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {59DBDDA6-9A80-42A4-B824-9BC50CC172F5} http://www.programch...m/dll/nixon.cab (Zenturi ConfigMgrEx Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} http://playple.com/v...ab/SLViewer.cab (SLViewer Control)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.01 22:19:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.09 21:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\OTL
[2012.09.09 21:05:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.09 20:54:30 | 004,747,716 | ---- | C] (Swearware) -- C:\Documents and Settings\tilapainen\Työpöytä\ComboFix.exe
[2012.09.09 20:54:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\tilapainen\Työpöytä\aswMBR.exe
[2012.09.09 20:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\polt
[2012.09.09 20:32:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tilapainen\Recent
[2012.09.09 05:23:39 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tilapainen\Työpöytä\OTL.exe
[2012.09.07 07:19:29 | 002,306,304 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2012.09.07 00:25:16 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012.09.06 05:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\ProcessMonitor
[2012.09.06 05:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\apps
[2012.09.01 06:55:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.09.01 06:50:48 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012.09.01 06:50:48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012.09.01 06:50:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2012.09.01 06:50:46 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2012.09.01 06:50:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2012.09.01 06:50:44 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2012.09.01 06:50:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2012.09.01 06:50:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2012.09.01 06:50:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2012.09.01 06:50:43 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012.09.01 06:50:32 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2012.09.01 06:50:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012.09.01 06:50:28 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012.09.01 06:50:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2012.09.01 06:50:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012.09.01 06:50:27 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012.09.01 06:50:27 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012.09.01 06:50:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012.09.01 06:50:26 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012.09.01 06:50:26 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012.09.01 06:50:26 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012.09.01 06:50:23 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2012.09.01 06:50:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2012.09.01 06:50:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2012.09.01 06:50:21 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012.09.01 06:50:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2012.09.01 06:50:17 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2012.09.01 06:50:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2012.09.01 06:50:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012.09.01 06:50:17 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2012.09.01 06:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012.09.01 06:50:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2012.09.01 06:50:16 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2012.09.01 06:50:16 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2012.09.01 06:50:16 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2012.09.01 06:50:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2012.09.01 06:50:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012.09.01 06:50:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012.09.01 06:50:14 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012.09.01 06:50:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012.09.01 06:50:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012.09.01 06:50:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012.09.01 06:50:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012.09.01 06:50:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012.09.01 06:50:13 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012.09.01 06:50:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012.09.01 06:50:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012.09.01 06:50:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012.09.01 06:50:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012.09.01 06:50:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012.09.01 06:50:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012.09.01 06:50:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012.09.01 06:50:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012.09.01 06:50:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012.09.01 06:49:59 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012.09.01 06:49:59 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012.09.01 06:49:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012.09.01 06:49:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2012.09.01 06:49:55 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012.09.01 06:49:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012.09.01 06:49:52 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2012.09.01 06:49:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012.09.01 06:49:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012.09.01 06:49:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2012.09.01 06:49:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012.09.01 06:49:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012.09.01 06:49:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012.09.01 06:49:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012.09.01 06:49:46 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012.09.01 06:49:46 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012.09.01 06:49:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2012.09.01 06:49:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2012.09.01 06:49:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012.09.01 06:49:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2012.09.01 06:49:33 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2012.09.01 06:49:27 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2012.09.01 06:49:10 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012.09.01 06:49:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2012.09.01 06:49:09 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012.09.01 06:49:09 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2012.09.01 06:49:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2012.09.01 06:49:08 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2012.09.01 06:49:07 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012.09.01 06:49:06 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2012.09.01 06:49:06 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2012.09.01 06:49:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2012.09.01 06:49:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2012.09.01 06:49:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2012.09.01 06:49:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012.09.01 06:49:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012.09.01 06:49:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012.09.01 06:49:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012.09.01 06:49:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012.09.01 06:49:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012.09.01 06:49:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012.09.01 06:49:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012.09.01 06:49:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012.09.01 06:48:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012.09.01 06:48:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012.09.01 06:48:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012.09.01 06:48:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012.09.01 06:48:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012.09.01 06:48:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012.09.01 06:48:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012.09.01 06:48:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012.09.01 06:48:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012.09.01 06:48:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012.09.01 06:48:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012.09.01 06:48:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012.09.01 06:48:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012.09.01 06:48:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012.09.01 06:48:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012.09.01 06:48:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012.09.01 06:48:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012.09.01 06:48:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2012.09.01 06:48:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012.09.01 06:48:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012.09.01 06:48:53 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2012.09.01 06:48:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2012.09.01 06:48:51 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2012.09.01 06:48:50 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2012.09.01 06:48:50 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2012.09.01 06:48:49 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2012.09.01 06:48:44 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2012.09.01 06:48:44 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2012.09.01 06:48:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2012.09.01 06:48:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2012.09.01 06:48:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2012.09.01 06:48:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2012.09.01 06:48:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2012.09.01 06:48:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2012.09.01 06:48:25 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012.09.01 06:48:24 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2012.09.01 06:48:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2012.09.01 06:48:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2012.09.01 06:48:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2012.09.01 06:48:20 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2012.09.01 06:48:19 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2012.09.01 06:48:18 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2012.09.01 06:48:18 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2012.09.01 06:48:18 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2012.09.01 06:48:18 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2012.09.01 06:48:18 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2012.09.01 06:48:18 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2012.09.01 06:48:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012.09.01 06:48:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2012.09.01 06:48:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2012.09.01 06:48:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012.09.01 06:48:17 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2012.09.01 06:48:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2012.09.01 06:48:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2012.09.01 06:48:17 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2012.09.01 06:48:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2012.09.01 06:48:16 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2012.09.01 06:48:16 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2012.09.01 06:48:16 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2012.09.01 06:48:16 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012.09.01 06:48:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012.09.01 06:48:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2012.09.01 06:48:15 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2012.09.01 06:48:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2012.09.01 06:48:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2012.09.01 06:48:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012.09.01 06:48:14 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2012.09.01 06:48:14 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2012.09.01 06:48:13 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012.09.01 06:48:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012.09.01 06:48:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2012.09.01 06:48:11 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2012.09.01 06:48:11 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2012.09.01 06:48:11 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012.09.01 06:48:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2012.09.01 06:48:10 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012.09.01 06:48:10 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012.09.01 06:48:10 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012.09.01 06:48:00 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2012.09.01 06:47:58 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2012.09.01 06:47:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2012.09.01 06:47:58 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012.09.01 06:47:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2012.09.01 06:47:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2012.09.01 06:47:54 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012.09.01 06:47:54 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012.09.01 06:47:54 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012.09.01 06:47:53 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012.09.01 06:47:53 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012.09.01 06:47:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012.09.01 06:47:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012.09.01 06:47:52 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012.09.01 06:47:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012.09.01 06:47:50 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012.09.01 06:47:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012.09.01 06:47:40 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2012.09.01 06:47:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2012.09.01 06:47:28 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2012.09.01 06:47:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2012.09.01 06:47:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2012.09.01 06:47:27 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2012.09.01 06:47:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2012.09.01 06:47:27 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012.09.01 06:47:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2012.09.01 06:47:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2012.09.01 06:47:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012.09.01 06:47:16 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2012.09.01 06:47:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2012.09.01 06:47:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2012.09.01 06:47:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2012.09.01 06:47:10 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2012.09.01 06:47:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2012.09.01 06:47:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2012.09.01 06:47:08 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2012.09.01 06:47:08 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2012.09.01 06:47:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2012.09.01 06:47:01 | 000,832,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2012.09.01 06:47:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2012.09.01 06:47:01 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2012.09.01 06:47:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2012.09.01 06:47:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2012.09.01 06:47:00 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2012.09.01 06:47:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2012.09.01 06:47:00 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2012.09.01 06:47:00 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2012.09.01 06:47:00 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2012.09.01 06:47:00 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2012.09.01 06:47:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2012.09.01 06:46:59 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2012.09.01 06:46:59 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2012.09.01 06:46:59 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2012.09.01 06:46:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2012.09.01 06:46:58 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2012.09.01 06:46:58 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2012.09.01 06:46:58 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2012.09.01 06:46:58 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2012.09.01 06:46:58 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2012.09.01 06:46:57 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2012.09.01 06:46:57 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2012.09.01 06:46:57 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2012.09.01 06:46:57 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2012.09.01 06:46:57 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2012.09.01 06:46:57 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2012.09.01 06:46:57 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2012.09.01 06:46:56 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2012.09.01 06:46:55 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2012.09.01 06:46:55 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2012.09.01 06:46:55 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2012.09.01 06:46:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2012.09.01 06:46:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2012.09.01 06:46:54 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2012.09.01 06:46:54 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2012.09.01 06:46:54 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2012.09.01 06:46:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2012.09.01 06:46:53 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2012.09.01 06:46:52 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2012.09.01 06:44:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012.09.01 06:25:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012.09.01 06:25:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012.09.01 06:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012.09.01 06:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012.09.01 01:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\test
[2012.09.01 00:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\HitmanPro
[2012.09.01 00:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.09.01 00:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2012.08.31 22:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Application Data\SUPERAntiSpyware.com
[2012.08.31 22:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2012.08.31 22:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.08.31 22:23:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.08.31 21:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012.08.31 21:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Seagate
[2012.08.31 21:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012.08.31 21:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\Autoruns
[2012.08.31 21:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.08.31 20:59:23 | 050,449,456 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\dotNetFx40_Full_x86_x64.exe
[2012.08.31 20:51:55 | 007,758,424 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\tilapainen\Työpöytä\HitmanPro36.exe
[2012.08.31 20:51:10 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tilapainen\Työpöytä\tdsskiller.exe
[2012.08.31 20:50:53 | 019,519,528 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpyware.exe
[2012.08.31 20:50:45 | 019,519,728 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpywarePro.exe
[2012.08.31 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\CrystalDiskInfo
[2012.08.31 15:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012.08.31 15:15:04 | 003,103,776 | ---- | C] (Crystal Dew World ) -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo5_0_3Shizuku-en.exe
[2012.08.31 15:14:59 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.08.30 20:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Application Data\Malwarebytes
[2012.08.30 20:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Malwarebytes' Anti-Malware
[2012.08.30 20:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012.08.30 20:38:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.30 20:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.30 20:29:31 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-setup-1.62.0.1300.exe
[2012.08.30 20:29:31 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-clean-1.60.2.0003.exe
[2012.08.30 19:54:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tilapainen\Käynnistä-valikko\Ohjelmat\Valvontatyökalut
[2012.08.30 19:54:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.08.30 07:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.08.29 23:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Omat tiedostot
[2012.08.29 23:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\Downloads
[2012.08.15 00:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[132 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.09 22:40:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 86a31f33-2771-40e0-bf19-220dfd227e8c.job
[2012.09.09 22:31:01 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012.09.09 22:31:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.09 22:18:18 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.09 08:38:20 | 000,013,581 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\ohjeet.rtf
[2012.09.09 08:37:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\tilapainen\Työpöytä\aswMBR.exe
[2012.09.09 08:33:38 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\tilapainen\Työpöytä\VEW.exe
[2012.09.09 08:32:00 | 004,747,716 | ---- | M] (Swearware) -- C:\Documents and Settings\tilapainen\Työpöytä\ComboFix.exe
[2012.09.09 03:57:20 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tilapainen\Työpöytä\OTL.exe
[2012.09.07 09:59:30 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.06 07:35:58 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SeaTools for Windows.lnk
[2012.09.05 23:32:21 | 005,836,954 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\AutoRuns log.arn
[2012.09.03 22:32:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\ws8rc1kx.exe
[2012.09.01 06:59:07 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\tilapainen\Application Data\Microsoft\Internet Explorer\Quick Launch\Käynnistä Internet Explorer -selain.lnk
[2012.09.01 06:58:56 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012.09.01 06:57:12 | 000,496,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.01 06:57:12 | 000,472,338 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat
[2012.09.01 06:57:12 | 000,102,616 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat
[2012.09.01 06:57:12 | 000,085,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.01 06:54:57 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.09.01 06:52:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012.09.01 06:46:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.09.01 06:46:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.09.01 06:46:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.09.01 06:46:07 | 000,004,381 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012.09.01 06:42:45 | 000,022,736 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.09.01 06:40:21 | 000,000,222 | -HS- | M] () -- C:\boot.ini
[2012.09.01 05:29:41 | 000,054,949 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2012.09.01 02:32:20 | 000,000,000 | ---- | M] () -- C:\WindowsLiveMessenger-uccapi-0.uccapilog
[2012.09.01 00:59:31 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\HitmanPro.lnk
[2012.08.31 22:39:05 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SUPERAntiSpyware Professional.lnk
[2012.08.31 21:07:09 | 000,537,139 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\Autoruns.zip
[2012.08.31 21:00:05 | 050,449,456 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\dotNetFx40_Full_x86_x64.exe
[2012.08.31 20:52:01 | 007,758,424 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\tilapainen\Työpöytä\HitmanPro36.exe
[2012.08.31 20:51:29 | 019,519,528 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpyware.exe
[2012.08.31 20:51:23 | 019,519,728 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpywarePro.exe
[2012.08.31 20:51:22 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tilapainen\Työpöytä\tdsskiller.exe
[2012.08.31 20:50:26 | 021,476,536 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\SeaToolsforWindowsSetup-1206.exe
[2012.08.31 20:49:51 | 000,130,247 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\bluescreenview_setup.exe
[2012.08.31 15:18:58 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo.lnk
[2012.08.31 15:15:29 | 003,103,776 | ---- | M] (Crystal Dew World ) -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo5_0_3Shizuku-en.exe
[2012.08.30 20:38:32 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\tilapainen\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.08.30 20:38:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\Malwarebytes Anti-Malware.lnk
[2012.08.30 20:27:06 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-setup-1.62.0.1300.exe
[2012.08.30 20:26:28 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-clean-1.60.2.0003.exe
[2012.08.30 20:24:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\Mozilla Firefox.lnk
[2012.08.26 03:28:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.08.15 17:57:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[132 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.09 20:54:30 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\tilapainen\Työpöytä\VEW.exe
[2012.09.09 20:54:30 | 000,013,581 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\ohjeet.rtf
[2012.09.08 00:33:19 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\ws8rc1kx.exe
[2012.09.05 23:32:16 | 005,836,954 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\AutoRuns log.arn
[2012.09.01 06:48:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012.09.01 06:48:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012.09.01 06:47:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012.09.01 06:25:28 | 001,014,139 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012.09.01 06:25:28 | 000,809,684 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012.09.01 06:25:28 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012.09.01 06:25:28 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012.09.01 06:25:28 | 000,102,826 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012.09.01 06:25:28 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012.09.01 06:25:28 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012.09.01 06:25:28 | 000,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012.09.01 06:25:28 | 000,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012.09.01 06:25:28 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012.09.01 06:25:28 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012.09.01 06:25:28 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012.09.01 06:25:28 | 000,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012.09.01 06:25:28 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012.09.01 06:25:27 | 001,895,804 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012.09.01 06:25:27 | 000,620,210 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012.09.01 05:14:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 86a31f33-2771-40e0-bf19-220dfd227e8c.job
[2012.09.01 02:23:17 | 000,000,000 | ---- | C] () -- C:\WindowsLiveMessenger-uccapi-0.uccapilog
[2012.09.01 00:59:31 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\HitmanPro.lnk
[2012.08.31 22:39:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SUPERAntiSpyware Professional.lnk
[2012.08.31 21:35:50 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SeaTools for Windows.lnk
[2012.08.31 21:07:00 | 000,537,139 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\Autoruns.zip
[2012.08.31 20:50:08 | 021,476,536 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\SeaToolsforWindowsSetup-1206.exe
[2012.08.31 20:49:46 | 000,130,247 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\bluescreenview_setup.exe
[2012.08.31 15:18:58 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo.lnk
[2012.08.31 00:58:44 | 000,054,949 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2012.08.30 20:38:32 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\tilapainen\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.08.30 20:38:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\Malwarebytes Anti-Malware.lnk
[2012.02.16 21:21:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.08 19:08:38 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2011.10.24 12:49:28 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011.07.13 07:20:04 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.07.11 22:47:08 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.07.11 22:46:57 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009.07.06 21:23:40 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\d3d9caps.dat
[2008.10.26 20:05:41 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\tilapainen\userprefs.prop
[2008.01.26 16:49:28 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.25 14:51:54 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2006.04.03 16:50:45 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

< End of report >

-----------------------------------



aswMBR log:

----------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 23:55:08
-----------------------------
23:55:08.407 OS Version: Windows 5.1.2600 Service Pack 2
23:55:08.407 Number of processors: 1 586 0x2F02
23:55:08.423 ComputerName: EMT-F8A04F66186 UserName: tilapainen
23:55:09.657 Initialize success
23:57:49.001 AVAST engine defs: 12090900
23:58:32.547 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:58:32.547 Disk 0 Vendor: ST3160023A 8.01 Size: 152627MB BusType: 3
23:58:32.563 Disk 0 MBR read successfully
23:58:32.563 Disk 0 MBR scan
23:58:32.657 Disk 0 Windows XP default MBR code
23:58:32.657 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
23:58:32.735 Disk 0 scanning sectors +312560640
23:58:32.844 Disk 0 scanning C:\WINDOWS\system32\drivers
23:59:16.282 Service scanning
23:59:56.891 Modules scanning
00:00:04.313 AVAST engine scan C:\
02:52:22.266 File: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\089DE196-CC48-44E4-B465-250EC4B7E505.data **HIDDEN**
02:52:25.688 File: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\26ADFDCC-5E4A-4D1B-9FF9-5869102BD1BA.data **HIDDEN**
02:52:29.157 File: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\AB651CE5-47F2-437A-A17C-35E463B1FE77.data **HIDDEN**
02:52:32.672 File: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C1795771-B03B-4E87-A4D2-964E1A2CB0EA.data **HIDDEN**
02:52:32.954 File: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C3BCE802-5896-4CF6-B870-94AD3BCA17FF.data **HIDDEN**
02:52:36.547 File: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C3DED227-DC85-4F93-B261-A74E9CB1AEA1.data **HIDDEN**
02:52:40.032 File: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\CDEB193B-2A0F-4871-99A0-948619C3CFF9.data **HIDDEN**
02:52:40.235 File: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D76D0231-5C2B-46DB-973F-022520F62797.data **HIDDEN**
02:52:59.594 Scan finished successfully
02:54:24.766 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\tilapainen\Työpöytä\MBR.dat"
02:54:24.829 The log file has been saved successfully to "C:\Documents and Settings\tilapainen\Työpöytä\aswMBR.txt"

-------------------------------------------



ComboFix log:

-------------------------------------------

ComboFix 12-09-09.02 - tilapainen 10.09.2012 3:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.358.1035.18.1022.492 [GMT 3:00]
Sijainti: c:\documents and settings\tilapainen\Työpöytä\ComboFix.exe
AV: COMODO Antivirus *Disabled/Outdated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\NetworkService.NT-HALLINTA.000\ntuser.tmp
c:\documents and settings\tilapainen\WINDOWS
c:\windows\daemon.dll
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\_000044_.tmp.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET10.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET117.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET121.tmp
c:\windows\system32\SET12C.tmp
c:\windows\system32\SET13D.tmp
c:\windows\system32\SET148.tmp
c:\windows\system32\SET149.tmp
c:\windows\system32\SET14A.tmp
c:\windows\system32\SET14B.tmp
c:\windows\system32\SET14C.tmp
c:\windows\system32\SET14E.tmp
c:\windows\system32\SET150.tmp
c:\windows\system32\SET151.tmp
c:\windows\system32\SET153.tmp
c:\windows\system32\SET154.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B1.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B3.tmp
c:\windows\system32\SET1B4.tmp
c:\windows\system32\SET1B6.tmp
c:\windows\system32\SET1B7.tmp
c:\windows\system32\SET1B8.tmp
c:\windows\system32\SET1BB.tmp
c:\windows\system32\SET1BC.tmp
c:\windows\system32\SET1BD.tmp
c:\windows\system32\SET1C0.tmp
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1EE.tmp
c:\windows\system32\SET1EF.tmp
c:\windows\system32\SET1F0.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1F5.tmp
c:\windows\system32\SET1F9.tmp
c:\windows\system32\SET1FA.tmp
c:\windows\system32\SET1FB.tmp
c:\windows\system32\SET1FF.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET203.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET20A.tmp
c:\windows\system32\SET20F.tmp
c:\windows\system32\SET217.tmp
c:\windows\system32\SET218.tmp
c:\windows\system32\SET219.tmp
c:\windows\system32\SET21C.tmp
c:\windows\system32\SET21E.tmp
c:\windows\system32\SET222.tmp
c:\windows\system32\SET226.tmp
c:\windows\system32\SET227.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET234.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET23D.tmp
c:\windows\system32\SET241.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET24E.tmp
c:\windows\system32\SET24F.tmp
c:\windows\system32\SET250.tmp
c:\windows\system32\SET251.tmp
c:\windows\system32\SET252.tmp
c:\windows\system32\SET253.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET255.tmp
c:\windows\system32\SET256.tmp
c:\windows\system32\SET257.tmp
c:\windows\system32\SET258.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET25D.tmp
c:\windows\system32\SET261.tmp
c:\windows\system32\SET265.tmp
c:\windows\system32\SET266.tmp
c:\windows\system32\SET267.tmp
c:\windows\system32\SET268.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26B.tmp
c:\windows\system32\SET26E.tmp
c:\windows\system32\SET273.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET27B.tmp
c:\windows\system32\SET27F.tmp
c:\windows\system32\SET283.tmp
c:\windows\system32\SET284.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET28C.tmp
c:\windows\system32\SET290.tmp
c:\windows\system32\SET291.tmp
c:\windows\system32\SET295.tmp
c:\windows\system32\SET29B.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET2A6.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET6E.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETB1.tmp
c:\windows\system32\SETB4.tmp
c:\windows\system32\SETB8.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDD.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETF.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETFA.tmp
c:\windows\system32\SETFB.tmp
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-08-10 to 2012-09-10 )))))))))))))))))
.
.
2012-09-01 03:50 . 2004-09-15 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-09-01 03:49 . 2004-09-15 12:00 79872 -c--a-w- c:\windows\system32\dllcache\rwia001.dll
2012-09-01 03:48 . 2004-09-15 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdinpun.dll
2012-09-01 03:47 . 2004-09-15 12:00 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe
2012-09-01 03:46 . 2004-09-15 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-09-01 03:44 . 2004-09-15 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-09-01 03:44 . 2004-09-15 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-09-01 03:25 . 2004-09-15 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-09-01 03:25 . 2004-09-15 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-09-01 03:25 . 2004-09-15 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-09-01 03:25 . 2004-09-15 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-09-01 03:25 . 2004-09-15 12:00 14043 ----a-r- c:\windows\SET166.tmp
2012-09-01 03:25 . 2004-09-15 12:00 1086058 ----a-r- c:\windows\SET15A.tmp
2012-09-01 03:25 . 2004-09-15 12:00 1014139 ----a-r- c:\windows\SET157.tmp
2012-09-01 01:23 . 2012-09-01 01:23 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja.EMT-F8A04F66186\Application Data\SUPERAntiSpyware.com
2012-08-31 23:23 . 2012-08-31 23:23 -------- d-----w- c:\documents and settings\TT\Tracing
2012-08-31 21:58 . 2012-08-31 21:59 -------- d-----w- c:\program files\HitmanPro
2012-08-31 21:57 . 2012-08-31 21:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-08-31 19:40 . 2012-08-31 19:40 -------- d-----w- c:\documents and settings\tilapainen\Application Data\SUPERAntiSpyware.com
2012-08-31 19:38 . 2012-08-31 19:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-31 19:38 . 2012-08-31 19:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2012-08-31 19:23 . 2012-08-31 19:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-31 18:50 . 2012-08-31 18:50 -------- d-----w- c:\program files\NirSoft
2012-08-31 18:35 . 2012-08-31 18:35 -------- d-----w- c:\program files\Seagate
2012-08-31 18:02 . 2012-08-31 18:02 -------- d-----w- c:\program files\Microsoft.NET
2012-08-31 12:18 . 2012-08-31 12:19 -------- d-----w- c:\program files\CrystalDiskInfo
2012-08-31 12:14 . 2012-08-31 12:14 -------- d-----w- C:\Downloads
2012-08-30 18:29 . 2012-08-30 18:29 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja.EMT-F8A04F66186\Application Data\vlc
2012-08-30 17:39 . 2012-08-30 17:39 -------- d-----w- c:\documents and settings\tilapainen\Application Data\Malwarebytes
2012-08-30 17:38 . 2012-08-30 17:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-08-30 17:38 . 2012-08-30 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-30 17:38 . 2012-07-03 10:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 17:24 . 2012-08-25 02:00 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-30 16:54 . 2012-08-30 16:54 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-08-30 16:54 . 2012-08-30 16:54 -------- d-----w- c:\documents and settings\TT\Local Settings\Application Data\COMODO
2012-08-30 16:54 . 2012-08-30 16:54 -------- d-----w- c:\documents and settings\LocalService.NT-HALLINTA.000\Application Data\TightVNC
2012-08-30 15:46 . 2012-08-30 15:46 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja.EMT-F8A04F66186\Application Data\Malwarebytes
2012-08-30 04:34 . 2012-08-30 04:38 -------- d-----w- c:\windows\system32\NtmsData
2012-08-30 00:55 . 2012-08-30 00:55 -------- d-sh--w- c:\documents and settings\TT\IETldCache
2012-08-29 20:33 . 2012-08-29 20:33 -------- d-----w- c:\documents and settings\tilapainen\Omat tiedostot
2012-08-14 21:31 . 2012-08-14 21:32 -------- d-----w- c:\documents and settings\tilapainen\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 17:24 . 2012-07-08 17:24 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2005-03-31 19:17 . 2006-04-03 13:50 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-08-25 02:01 . 2011-11-11 08:58 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-29 1432064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2004-09-15 208896]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 271936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 110592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-15 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-09-15 44032]
"SoundMan"="SOUNDMAN.EXE" [2005-01-10 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-15 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Käynnistä-valikko^Ohjelmat^Käynnistys^Start GeekBuddy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys\Start GeekBuddy.lnk
backup=c:\windows\pss\Start GeekBuddy.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^tilapainen^Käynnistä-valikko^Ohjelmat^Käynnistys^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\tilapainen\Käynnistä-valikko\Ohjelmat\Käynnistys\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger]
2011-11-28 15:58 2976200 ----a-w- c:\program files\AntiLogger\AntiLogger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 14:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-14 21:31 116648 ----atw- c:\documents and settings\tilapainen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
2005-08-18 19:55 99328 ----a-w- c:\program files\SurfBouncer OpenVPN\bin\openvpn-gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-02 10:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZemanaAntiMalware]
2011-09-22 15:16 6430528 ----a-w- c:\program files\Zemana AntiMalware\ZemanaAntiMalware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Pelit\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\tilapainen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [17.7.2007 23:40 7680]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [7.10.2011 18:48 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [7.10.2011 18:48 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7.10.2011 18:48 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 19:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13.7.2011 0:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 2:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30.8.2012 20:38 655944]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [20.12.2011 18:12 68896]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [13.12.2010 18:22 63616]
R3 ipgd;IC Plus IP1000 Family Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [17.7.2007 23:45 33408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30.8.2012 20:38 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9.9.2012 23:54 40776]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [13.12.2010 18:22 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [13.12.2010 18:22 117504]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [12.5.2012 22:55 114144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [15.9.2004 15:00 14336]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [18.7.2007 11:59 0]
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
eapsvcs REG_MULTI_SZ
dot3svc REG_MULTI_SZ
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-09-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 86a31f33-2771-40e0-bf19-220dfd227e8c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Täydentävä tarkistus -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
DPF: {59DBDDA6-9A80-42A4-B824-9BC50CC172F5} - hxxp://www.programchecker.com/dll/nixon.cab
DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} - hxxp://playple.com/viewer/cab/SLViewer.cab
FF - ProfilePath - c:\documents and settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
SafeBoot-00033441.sys
SafeBoot-29853978.sys
SafeBoot-50378511.sys
SafeBoot-72731589.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-BSPlayer1 - c:\bsplayer\uninstall.exe
AddRemove-DC++ - c:\dc++\uninstall.exe
AddRemove-E.M. Total Video Player 1.31_is1 - d:\program files\Total Video Player\unins000.exe
AddRemove-Easy Video Capture_is1 - c:\program files\Easy Video Capture\unins000.exe
AddRemove-eVer-Craft_is1 - c:\ever-craft\unins000.exe
AddRemove-Fallout 2 Restoration Project_is1 - j:\fallout2\unins000.exe
AddRemove-Fraps - c:\frapsuus\uninstall.exe
AddRemove-Garena - c:\program files\Garena\uninst.exe
AddRemove-HijackThis - c:\hijackthis\HijackThis.exe
AddRemove-Hospital - c:\program files\Bullfrog\Hospital\DeIsL1.isu
AddRemove-MAME32k - c:\mame32k\uninst.exe
AddRemove-Mount&Blade Warband - d:\pelit\Mount&Blade Warband\uninstall.exe
AddRemove-PAF Diamond Poker - c:\casino\PAFDIA~1\UNWISE.EXE
AddRemove-PartyPoker - c:\program files\PartyGaming\PartyPoker\Uninstall\Setup.exe
AddRemove-Texas Calculatem 4 with "AutoRead"_is1 - c:\texascalculatem\unins000.exe
AddRemove-TVUPlayer - c:\tvuplayer\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-10 03:50
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
tarkistaa piilotettuja prosesseja ...
.
tarkistaa piilotettuja käynnistysarvoja ...
.
tarkistaa piilotettuja tiedostoja ...
.
tarkistus on valmis
piilotetut tiedostot: 0
.
**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-854245398-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1112859E-B974-2507-3FC0-A99156EBA95C}*]
"iaanhmkdbbcnlaggjf"=hex:69,61,67,65,61,6d,62,63,69,6d,69,61,66,6b,62,68,6e,70,
00,00
"haknceaebpojcipg"=hex:69,61,67,65,61,6d,62,63,69,6d,69,61,66,6b,62,68,6e,70,
00,00
.
--------------------- Prosesseihin ladatut DLLt ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1048)
c:\windows\system32\cmdcsr.dll
.
Valmistumisajankohta: 2012-09-10 03:55:14
ComboFix-quarantined-files.txt 2012-09-10 00:55
.
Ennen ajoa: 123 331 072 000 tavua vapaana
Ajon jälkeen: 123 758 243 840 tavua vapaana
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noguiboot
.
- - End Of File - - 73B87CE23F8428851DB69F597495CD77

---------------------------------------------



TDSSKiller log:

---------------------------------------------

04:01:03.0297 1836 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
04:01:03.0438 1836 ============================================================
04:01:03.0438 1836 Current date / time: 2012/09/10 04:01:03.0438
04:01:03.0438 1836 SystemInfo:
04:01:03.0438 1836
04:01:03.0438 1836 OS Version: 5.1.2600 ServicePack: 2.0
04:01:03.0438 1836 Product type: Workstation
04:01:03.0438 1836 ComputerName: EMT-F8A04F66186
04:01:03.0438 1836 UserName: tilapainen
04:01:03.0438 1836 Windows directory: C:\WINDOWS
04:01:03.0438 1836 System windows directory: C:\WINDOWS
04:01:03.0438 1836 Processor architecture: Intel x86
04:01:03.0438 1836 Number of processors: 1
04:01:03.0438 1836 Page size: 0x1000
04:01:03.0438 1836 Boot type: Normal boot
04:01:03.0438 1836 ============================================================
04:01:04.0704 1836 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
04:01:04.0719 1836 ============================================================
04:01:04.0719 1836 \Device\Harddisk0\DR0:
04:01:04.0719 1836 MBR partitions:
04:01:04.0719 1836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
04:01:04.0735 1836 ============================================================
04:01:04.0907 1836 C: <-> \Device\Harddisk0\DR0\Partition1
04:01:04.0907 1836 ============================================================
04:01:04.0907 1836 Initialize success
04:01:04.0907 1836 ============================================================
04:01:23.0422 2768 ============================================================
04:01:23.0422 2768 Scan started
04:01:23.0422 2768 Mode: Manual; SigCheck; TDLFS;
04:01:23.0422 2768 ============================================================
04:01:23.0797 2768 ================ Scan system memory ========================
04:01:23.0797 2768 System memory - ok
04:01:23.0797 2768 ================ Scan services =============================
04:01:23.0891 2768 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
04:01:23.0938 2768 !SASCORE - ok
04:01:24.0079 2768 [ CB3B8E3EBC8BD5CD86A69BC1C9AFD701 ] 6to4 C:\WINDOWS\System32\6to4svc.dll
04:01:24.0266 2768 6to4 - ok
04:01:24.0266 2768 Abiosdsk - ok
04:01:24.0297 2768 [ BC034F074ADE82723F0B57F287980725 ] ABIT-IO C:\WINDOWS\system32\Drivers\ABIT-IO.sys
04:01:24.0313 2768 ABIT-IO ( UnsignedFile.Multi.Generic ) - warning
04:01:24.0313 2768 ABIT-IO - detected UnsignedFile.Multi.Generic (1)
04:01:24.0329 2768 abp480n5 - ok
04:01:24.0344 2768 [ 3F2DA24794471A2D1EB69123E8AFF1FF ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:01:24.0501 2768 ACPI - ok
04:01:24.0516 2768 [ 9322A12C6362FD4CE1F6ADCA40EDECED ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
04:01:24.0626 2768 ACPIEC - ok
04:01:24.0641 2768 adpu160m - ok
04:01:24.0672 2768 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
04:01:24.0797 2768 aec - ok
04:01:24.0829 2768 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
04:01:24.0969 2768 AFD - ok
04:01:24.0969 2768 Aha154x - ok
04:01:24.0985 2768 aic78u2 - ok
04:01:24.0985 2768 aic78xx - ok
04:01:25.0141 2768 [ 07531E558FDE570A84D027576BA9FD7C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
04:01:25.0360 2768 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
04:01:25.0360 2768 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
04:01:25.0376 2768 [ 4B765F50024529394CCB8E2E4357E36B ] Alerter C:\WINDOWS\system32\alrsvc.dll
04:01:25.0485 2768 Alerter - ok
04:01:25.0532 2768 [ 68276E67DA0274CA30DB2FC0E42C38C5 ] ALG C:\WINDOWS\System32\alg.exe
04:01:25.0579 2768 ALG - ok
04:01:25.0579 2768 AliIde - ok
04:01:25.0594 2768 amsint - ok
04:01:25.0626 2768 [ 11D97D2F61C57488892104C4FA59C24C ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
04:01:25.0657 2768 AnyDVD - ok
04:01:25.0719 2768 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:01:25.0751 2768 Apple Mobile Device - ok
04:01:25.0782 2768 [ 939B53DBDE82172120667D3AFE4BBDEA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
04:01:25.0844 2768 AppMgmt - ok
04:01:25.0891 2768 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
04:01:26.0016 2768 Arp1394 - ok
04:01:26.0016 2768 asc - ok
04:01:26.0032 2768 asc3350p - ok
04:01:26.0032 2768 asc3550 - ok
04:01:26.0157 2768 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
04:01:26.0172 2768 aspnet_state - ok
04:01:26.0204 2768 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:01:26.0313 2768 AsyncMac - ok
04:01:26.0360 2768 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
04:01:26.0485 2768 atapi - ok
04:01:26.0485 2768 Atdisk - ok
04:01:26.0547 2768 [ 38C7D3DA2AFC6FEA137BA5708D1B6FC1 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
04:01:26.0657 2768 Ati HotKey Poller - ok
04:01:26.0719 2768 [ 474623F2E0BDA43BE1E8C80BF373F65A ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
04:01:26.0813 2768 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
04:01:26.0813 2768 ATI Smart - detected UnsignedFile.Multi.Generic (1)
04:01:27.0032 2768 [ 02B985FC4D5BA17E528F7C9F889F7D22 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
04:01:27.0438 2768 ati2mtag - ok
04:01:27.0485 2768 [ 72BC628AF75C4C3250F2A3BAC260265A ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
04:01:27.0501 2768 atksgt - ok
04:01:27.0532 2768 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:01:27.0657 2768 Atmarpc - ok
04:01:27.0688 2768 [ 02C9FCC2C72CF62E9F7E4BF14A8194D7 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
04:01:27.0797 2768 AudioSrv - ok
04:01:27.0844 2768 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
04:01:27.0985 2768 audstub - ok
04:01:28.0016 2768 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
04:01:28.0126 2768 Beep - ok
04:01:28.0204 2768 [ C6C0336D77C70C3DB06A9D5FE49425DE ] BITS C:\WINDOWS\system32\qmgr.dll
04:01:28.0360 2768 BITS - ok
04:01:28.0422 2768 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
04:01:28.0469 2768 Bonjour Service - ok
04:01:28.0485 2768 [ 774FF17E93E97499C2F1B5BDC1916BF5 ] Browser C:\WINDOWS\System32\browser.dll
04:01:28.0626 2768 Browser - ok
04:01:28.0641 2768 [ D24B8D1784C68A25060FFFBE8ED34B76 ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
04:01:28.0766 2768 BthEnum - ok
04:01:28.0797 2768 [ 9DF0ADF74CE1D6371ED60CF92EB1D9A6 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
04:01:28.0938 2768 BTHMODEM - ok
04:01:28.0985 2768 [ 10355270BE12641B9764235DA39DCF0F ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
04:01:29.0094 2768 BthPan - ok
04:01:29.0141 2768 [ 2AB10C5B2F10F6C4452BDE647A22F6AD ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
04:01:29.0297 2768 BTHPORT - ok
04:01:29.0329 2768 [ 31FA7BE8D393BE75974E2264C0C58AE9 ] BthServ C:\WINDOWS\System32\bthserv.dll
04:01:29.0454 2768 BthServ - ok
04:01:29.0485 2768 [ F06D4CB9918B462A84D9AC00027EFC30 ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
04:01:29.0594 2768 BTHUSB - ok
04:01:29.0719 2768 catchme - ok
04:01:29.0766 2768 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
04:01:29.0891 2768 cbidf2k - ok
04:01:29.0907 2768 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
04:01:30.0032 2768 CCDECODE - ok
04:01:30.0047 2768 cd20xrnt - ok
04:01:30.0079 2768 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
04:01:30.0219 2768 Cdaudio - ok
04:01:30.0251 2768 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
04:01:30.0391 2768 Cdfs - ok
04:01:30.0438 2768 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:01:30.0579 2768 Cdrom - ok
04:01:30.0579 2768 Changer - ok
04:01:30.0610 2768 [ 2C40989F9CEE5B9EA6D6737C7C654D42 ] CiSvc C:\WINDOWS\system32\cisvc.exe
04:01:30.0751 2768 CiSvc - ok
04:01:30.0766 2768 [ 702C1C3CB294B5D9760B0713407273DC ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
04:01:30.0907 2768 ClipSrv - ok
04:01:30.0969 2768 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:01:30.0985 2768 clr_optimization_v2.0.50727_32 - ok
04:01:31.0016 2768 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:01:31.0032 2768 clr_optimization_v4.0.30319_32 - ok
04:01:31.0204 2768 [ 907324001AE25AC5959C91EAA34CABAE ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
04:01:31.0422 2768 cmdAgent - ok
04:01:31.0469 2768 [ 0EC8D44534D96776B04C6908E0B5F4B3 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
04:01:31.0469 2768 cmderd - ok
04:01:31.0501 2768 [ BEE235831F8E3F0BAACA18B39D285CF5 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
04:01:31.0547 2768 cmdGuard - ok
04:01:31.0579 2768 [ DE548946F36CAB62FEC2E6AA0149A619 ] cmdHlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
04:01:31.0594 2768 cmdHlp - ok
04:01:31.0594 2768 CmdIde - ok
04:01:31.0610 2768 COMSysApp - ok
04:01:31.0626 2768 Cpqarray - ok
04:01:31.0672 2768 [ 9549BFE9CFFEBF1081D62F7966605303 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
04:01:31.0813 2768 CryptSvc - ok
04:01:31.0829 2768 dac2w2k - ok
04:01:31.0829 2768 dac960nt - ok
04:01:31.0891 2768 [ 7FDA594FEA090E1110E2CAEDBBB52F30 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
04:01:32.0047 2768 DcomLaunch - ok
04:01:32.0063 2768 [ F2609A5DAA6581CC7E8C491FE1494596 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
04:01:32.0188 2768 Dhcp - ok
04:01:32.0235 2768 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
04:01:32.0376 2768 Disk - ok
04:01:32.0376 2768 dmadmin - ok
04:01:32.0438 2768 [ AEB95D1F9F4DA7752E0F8FAEAD198D56 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
04:01:32.0657 2768 dmboot - ok
04:01:32.0672 2768 [ 0AE86D0DC83BB91ADBCBD84A1A91D542 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
04:01:32.0829 2768 dmio - ok
04:01:32.0844 2768 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
04:01:32.0969 2768 dmload - ok
04:01:33.0001 2768 [ 5E184AAA0BA050636CAB274FD1EDB64E ] dmserver C:\WINDOWS\System32\dmserver.dll
04:01:33.0141 2768 dmserver - ok
04:01:33.0157 2768 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
04:01:33.0282 2768 DMusic - ok
04:01:33.0329 2768 [ EDB51C1FCFDE02EE7A08B10D71B88811 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
04:01:33.0469 2768 Dnscache - ok
04:01:33.0485 2768 dpti2o - ok
04:01:33.0516 2768 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
04:01:33.0626 2768 drmkaud - ok
04:01:33.0641 2768 [ AAA8999A169E39FB8B48AE49CD6AC30A ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
04:01:33.0657 2768 ElbyCDIO - ok
04:01:33.0672 2768 [ F38C24B3BE746F6B6142FBE04C47E87E ] ERSvc C:\WINDOWS\System32\ersvc.dll
04:01:33.0813 2768 ERSvc - ok
04:01:33.0844 2768 [ C2F8F8343435FC080C2DE25A410E09E8 ] Eventlog C:\WINDOWS\system32\services.exe
04:01:33.0969 2768 Eventlog - ok
04:01:34.0016 2768 [ D7D835F6155F275D50C3EF4E05612DA8 ] EventSystem C:\WINDOWS\system32\es.dll
04:01:34.0141 2768 EventSystem - ok
04:01:34.0188 2768 [ 4FD02E31EAC2CBC81EB08A1CE81E73A2 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
04:01:34.0235 2768 ewusbnet - ok
04:01:34.0266 2768 [ E98A64C7F106740A38FB2B78197816F8 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
04:01:34.0313 2768 ew_hwusbdev - ok
04:01:34.0360 2768 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
04:01:34.0485 2768 Fastfat - ok
04:01:34.0516 2768 [ 3B8A4FFB1D0E36584429CB97F664FAE7 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
04:01:34.0672 2768 FastUserSwitchingCompatibility - ok
04:01:34.0704 2768 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
04:01:34.0829 2768 Fdc - ok
04:01:34.0860 2768 [ 20FE03294AC1429AE88A64C2F754B0D4 ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
04:01:34.0860 2768 FilterService - ok
04:01:34.0907 2768 [ 4DE756DB8C203DFAA58B165EDECDB593 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
04:01:35.0016 2768 Fips - ok
04:01:35.0032 2768 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
04:01:35.0157 2768 Flpydisk - ok
04:01:35.0188 2768 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
04:01:35.0313 2768 FltMgr - ok
04:01:35.0376 2768 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
04:01:35.0376 2768 FontCache3.0.0.0 - ok
04:01:35.0391 2768 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
04:01:35.0501 2768 Fs_Rec - ok
04:01:35.0516 2768 [ 30E0982506281508703C99115CEE520C ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
04:01:35.0657 2768 Ftdisk - ok
04:01:35.0672 2768 [ 4216CD545E5C30807B560C5DCAA812E6 ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
04:01:35.0797 2768 gagp30kx - ok
04:01:35.0829 2768 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
04:01:35.0844 2768 GEARAspiWDM - ok
04:01:35.0907 2768 [ A72034228A6D8DCD9A1CD70107556E40 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
04:01:35.0922 2768 getPlusHelper - ok
04:01:35.0938 2768 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
04:01:36.0063 2768 Gpc - ok
04:01:36.0110 2768 [ 7929A161F9951D173CA9900FE7067391 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
04:01:36.0126 2768 hamachi - ok
04:01:36.0188 2768 [ F9C5D0E0AF453F6E09544D069C0F5165 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
04:01:36.0297 2768 helpsvc - ok
04:01:36.0313 2768 [ 713F643C67AEAEC3C48B0F581C8C5CA2 ] HidServ C:\WINDOWS\System32\hidserv.dll
04:01:36.0438 2768 HidServ - ok
04:01:36.0485 2768 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
04:01:36.0579 2768 hidusb - ok
04:01:36.0594 2768 hpn - ok
04:01:36.0626 2768 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
04:01:36.0782 2768 HTTP - ok
04:01:36.0797 2768 [ B67BF4F0BF54242767CEC6B5C2145E29 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
04:01:36.0922 2768 HTTPFilter - ok
04:01:36.0969 2768 [ 22A4B14530194FC57C1C849FB5AFEE17 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
04:01:37.0219 2768 huawei_enumerator - ok
04:01:37.0282 2768 [ 3E3BFE85B9FE3720BF4C108F57C945FB ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
04:01:37.0376 2768 hwdatacard - ok
04:01:37.0391 2768 i2omgmt - ok
04:01:37.0391 2768 i2omp - ok
04:01:37.0422 2768 [ 46DC147FAEC564DB21A46094C0CA31F6 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
04:01:37.0547 2768 i8042prt - ok
04:01:37.0641 2768 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
04:01:37.0766 2768 idsvc - ok
04:01:37.0797 2768 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
04:01:37.0922 2768 Imapi - ok
04:01:37.0969 2768 [ C8BB3BDD77A8A73FF6CA4B9C336E4D93 ] ImapiService C:\WINDOWS\system32\imapi.exe
04:01:38.0141 2768 ImapiService - ok
04:01:38.0157 2768 ini910u - ok
04:01:38.0188 2768 [ F89849CF13805EF49DA64A8A63193AF7 ] Inspect C:\WINDOWS\system32\DRIVERS\inspect.sys
04:01:38.0204 2768 Inspect - ok
04:01:38.0219 2768 IntelIde - ok
04:01:38.0235 2768 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
04:01:38.0344 2768 Ip6Fw - ok
04:01:38.0391 2768 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
04:01:38.0516 2768 IpFilterDriver - ok
04:01:38.0547 2768 [ 318A3A825B24FF4C99A073AB38955A6E ] ipgd C:\WINDOWS\system32\DRIVERS\ipgdnd51.sys
04:01:38.0594 2768 ipgd - ok
04:01:38.0626 2768 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
04:01:38.0751 2768 IpInIp - ok
04:01:38.0766 2768 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
04:01:38.0891 2768 IpNat - ok
04:01:38.0954 2768 [ 630D74599070824AF3DC63A894ADCDFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
04:01:39.0016 2768 iPod Service - ok
04:01:39.0047 2768 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
04:01:39.0172 2768 IPSec - ok
04:01:39.0204 2768 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
04:01:39.0266 2768 IRENUM - ok
04:01:39.0297 2768 [ A550404CAAE475D5BAC4C09B6B34F42E ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
04:01:39.0407 2768 isapnp - ok
04:01:39.0438 2768 [ CDB969144F97B0BC19FB944D7714EDC5 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
04:01:39.0579 2768 Kbdclass - ok
04:01:39.0579 2768 [ 04281FB0D9AE6F61BB4DC711791C80C4 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
04:01:39.0704 2768 kbdhid - ok
04:01:39.0735 2768 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
04:01:39.0876 2768 kmixer - ok
04:01:39.0876 2768 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
04:01:40.0001 2768 KSecDD - ok
04:01:40.0032 2768 [ 8477B6BD6C3DA97AE7BCB6F35FEB84EA ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
04:01:40.0172 2768 lanmanserver - ok
04:01:40.0188 2768 [ 730613444DB4A3CF366DAF6FEC371585 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
04:01:40.0329 2768 lanmanworkstation - ok
04:01:40.0329 2768 lbrtfdc - ok
04:01:40.0360 2768 [ 4127E8B6DDB4090E815C1F8852C277D3 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
04:01:40.0376 2768 lirsgt - ok
04:01:40.0407 2768 [ 621F5FF8A9C71A4028C28BA2FEC159E0 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
04:01:40.0547 2768 LmHosts - ok
04:01:40.0579 2768 [ AF280405C10F0D20F37670B7432E5C2F ] lvpopflt C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
04:01:40.0594 2768 lvpopflt - ok
04:01:40.0626 2768 [ E52F5A2CADCF08D07F559962F807A0A2 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
04:01:40.0657 2768 LVRS - ok
04:01:40.0985 2768 [ C3D02260BEB2B48DEA1EFDFCA91E4B69 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
04:01:41.0626 2768 LVUVC - ok
04:01:41.0657 2768 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
04:01:41.0672 2768 MBAMProtector - ok
04:01:41.0766 2768 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
04:01:41.0829 2768 MBAMService - ok
04:01:41.0860 2768 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
04:01:41.0876 2768 MBAMSwissArmy - ok
04:01:41.0907 2768 [ 41B35E6833C28433CB2DBAD9A4005872 ] Messenger C:\WINDOWS\System32\msgsvc.dll
04:01:42.0032 2768 Messenger - ok
04:01:42.0047 2768 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
04:01:42.0172 2768 mnmdd - ok
04:01:42.0204 2768 [ 4992B0F91E8D53AF1951C2B62B10BEF7 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
04:01:42.0360 2768 mnmsrvc - ok
04:01:42.0391 2768 [ 396B58441395E59BEDB1A9CD068B5FD4 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
04:01:42.0516 2768 Modem - ok
04:01:42.0547 2768 [ 0B9ACEB4262682820B2D1FCA72AA117C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
04:01:42.0688 2768 Mouclass - ok
04:01:42.0719 2768 [ CECBFA0343E2A9C7CFEF3B999E7BA52C ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
04:01:42.0844 2768 mouhid - ok
04:01:42.0876 2768 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
04:01:43.0001 2768 MountMgr - ok
04:01:43.0047 2768 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
04:01:43.0063 2768 MozillaMaintenance - ok
04:01:43.0063 2768 mraid35x - ok
04:01:43.0079 2768 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
04:01:43.0188 2768 MRxDAV - ok
04:01:43.0251 2768 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:01:43.0422 2768 MRxSmb - ok
04:01:43.0438 2768 [ 54703DE019F1556A098E23A898317583 ] MSDTC C:\WINDOWS\system32\msdtc.exe
04:01:43.0547 2768 MSDTC - ok
04:01:43.0579 2768 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
04:01:43.0688 2768 Msfs - ok
04:01:43.0704 2768 MSIServer - ok
04:01:43.0751 2768 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:01:43.0860 2768 MSKSSRV - ok
04:01:43.0907 2768 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:01:44.0001 2768 MSPCLOCK - ok
04:01:44.0032 2768 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
04:01:44.0157 2768 MSPQM - ok
04:01:44.0188 2768 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
04:01:44.0282 2768 mssmbios - ok
04:01:44.0313 2768 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
04:01:44.0438 2768 MSTEE - ok
04:01:44.0454 2768 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
04:01:44.0579 2768 Mup - ok
04:01:44.0610 2768 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
04:01:44.0735 2768 NABTSFEC - ok
04:01:44.0782 2768 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
04:01:44.0891 2768 NDIS - ok
04:01:44.0938 2768 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
04:01:45.0032 2768 NdisIP - ok
04:01:45.0079 2768 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:01:45.0204 2768 NdisTapi - ok
04:01:45.0235 2768 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:01:45.0344 2768 Ndisuio - ok
04:01:45.0376 2768 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:01:45.0485 2768 NdisWan - ok
04:01:45.0516 2768 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
04:01:45.0641 2768 NDProxy - ok
04:01:45.0657 2768 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
04:01:45.0782 2768 NetBIOS - ok
04:01:45.0829 2768 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
04:01:45.0954 2768 NetBT - ok
04:01:45.0985 2768 [ 8D500EF5563E1107CD2F7A98B8A7C5CF ] NetDDE C:\WINDOWS\system32\netdde.exe
04:01:46.0094 2768 NetDDE - ok
04:01:46.0110 2768 [ 8D500EF5563E1107CD2F7A98B8A7C5CF ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
04:01:46.0219 2768 NetDDEdsdm - ok
04:01:46.0251 2768 [ 39726087F99C7775B2EA1F2990709817 ] Netlogon C:\WINDOWS\system32\lsass.exe
04:01:46.0360 2768 Netlogon - ok
04:01:46.0407 2768 [ 9278CEE2A86EC252ED7C3F839DB3DC59 ] Netman C:\WINDOWS\System32\netman.dll
04:01:46.0547 2768 Netman - ok
04:01:46.0594 2768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:01:46.0610 2768 NetTcpPortSharing - ok
04:01:46.0641 2768 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
04:01:46.0766 2768 NIC1394 - ok
04:01:46.0813 2768 [ 5981BE8B1C04A740662D088A82E11F4A ] Nla C:\WINDOWS\System32\mswsock.dll
04:01:46.0954 2768 Nla - ok
04:01:46.0985 2768 [ 9A5F53B55E09ECC2DAB8C74E4DD18B8D ] nlsX86cc C:\WINDOWS\system32\NLSSRV32.EXE
04:01:47.0001 2768 nlsX86cc - ok
04:01:47.0079 2768 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe
04:01:47.0094 2768 NMSAccessU - ok
04:01:47.0126 2768 [ F44ADDBF29905CB19F52FC9FE6A0EFA1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
04:01:47.0141 2768 nosGetPlusHelper - ok
04:01:47.0188 2768 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
04:01:47.0282 2768 Npfs - ok
04:01:47.0313 2768 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
04:01:47.0454 2768 Ntfs - ok
04:01:47.0469 2768 [ 39726087F99C7775B2EA1F2990709817 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
04:01:47.0579 2768 NtLmSsp - ok
04:01:47.0641 2768 [ 79C1392C1CB183EA9E577037C046BE9F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
04:01:47.0751 2768 NtmsSvc - ok
04:01:47.0782 2768 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
04:01:47.0907 2768 Null - ok
04:01:47.0938 2768 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
04:01:48.0047 2768 NwlnkFlt - ok
04:01:48.0079 2768 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
04:01:48.0204 2768 NwlnkFwd - ok
04:01:48.0219 2768 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
04:01:48.0329 2768 ohci1394 - ok
04:01:48.0360 2768 [ 6D6EB80C26F8EB8A6EE13C51D371C4E6 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
04:01:48.0485 2768 Parport - ok
04:01:48.0516 2768 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
04:01:48.0610 2768 PartMgr - ok
04:01:48.0657 2768 [ 4EADD72430FFFE9046353E9B5C733871 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
04:01:48.0782 2768 ParVdm - ok
04:01:48.0813 2768 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
04:01:48.0844 2768 pccsmcfd - ok
04:01:48.0876 2768 [ 0943DB751BE2C13C9713637BF0B45CE2 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
04:01:48.0985 2768 PCI - ok
04:01:49.0001 2768 PCIDump - ok
04:01:49.0001 2768 PCIIde - ok
04:01:49.0047 2768 [ 5D27AA4D6E869EB97C261141421D5B84 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
04:01:49.0172 2768 Pcmcia - ok
04:01:49.0172 2768 PDCOMP - ok
04:01:49.0188 2768 PDFRAME - ok
04:01:49.0188 2768 PDRELI - ok
04:01:49.0204 2768 PDRFRAME - ok
04:01:49.0204 2768 perc2 - ok
04:01:49.0219 2768 perc2hib - ok
04:01:49.0266 2768 [ C2F8F8343435FC080C2DE25A410E09E8 ] PlugPlay C:\WINDOWS\system32\services.exe
04:01:49.0376 2768 PlugPlay - ok
04:01:49.0422 2768 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
04:01:49.0422 2768 PnkBstrA - ok
04:01:49.0438 2768 [ 39726087F99C7775B2EA1F2990709817 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
04:01:49.0547 2768 PolicyAgent - ok
04:01:49.0579 2768 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
04:01:49.0704 2768 PptpMiniport - ok
04:01:49.0719 2768 [ A420BBE17B719FA2EB9760E56BA02190 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
04:01:49.0829 2768 Processor - ok
04:01:49.0829 2768 [ 39726087F99C7775B2EA1F2990709817 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
04:01:49.0938 2768 ProtectedStorage - ok
04:01:49.0969 2768 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
04:01:50.0094 2768 PSched - ok
04:01:50.0141 2768 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
04:01:50.0251 2768 Ptilink - ok
04:01:50.0282 2768 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
04:01:50.0297 2768 PxHelp20 - ok
04:01:50.0297 2768 ql1080 - ok
04:01:50.0313 2768 Ql10wnt - ok
04:01:50.0313 2768 ql12160 - ok
04:01:50.0329 2768 ql1240 - ok
04:01:50.0344 2768 ql1280 - ok
04:01:50.0360 2768 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:01:50.0485 2768 RasAcd - ok
04:01:50.0516 2768 [ 92BE8C82E2F96279D91636729A5344CF ] RasAuto C:\WINDOWS\System32\rasauto.dll
04:01:50.0641 2768 RasAuto - ok
04:01:50.0672 2768 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
04:01:50.0766 2768 Rasl2tp - ok
04:01:50.0797 2768 [ 498DB793857ACD922485FCF725A019FC ] RasMan C:\WINDOWS\System32\rasmans.dll
04:01:50.0938 2768 RasMan - ok
04:01:50.0969 2768 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:01:51.0079 2768 RasPppoe - ok
04:01:51.0079 2768 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
04:01:51.0204 2768 Raspti - ok
04:01:51.0251 2768 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:01:51.0391 2768 Rdbss - ok
04:01:51.0391 2768 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
04:01:51.0501 2768 RDPCDD - ok
04:01:51.0547 2768 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
04:01:51.0672 2768 rdpdr - ok
04:01:51.0719 2768 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
04:01:51.0860 2768 RDPWD - ok
04:01:51.0907 2768 [ 2CC502541283457AB05BAFCBDB5E80BC ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
04:01:52.0047 2768 RDSessMgr - ok
04:01:52.0079 2768 [ A62CBD5FD8C091A4CF3D7D4425506FE8 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
04:01:52.0219 2768 redbook - ok
04:01:52.0251 2768 RegGuard - ok
04:01:52.0297 2768 [ AE802E68ABD857179DA05028B7C88042 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
04:01:52.0407 2768 RemoteAccess - ok
04:01:52.0454 2768 [ 37984FDE8934D3FBA095BCF67EA2ED7B ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
04:01:52.0563 2768 RemoteRegistry - ok
04:01:52.0594 2768 [ 99C4B74981A1413F142A3903130088CB ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
04:01:52.0704 2768 RFCOMM - ok
04:01:52.0735 2768 [ 69E2A97F9160DEE13A4695790D8A8FB4 ] RpcLocator C:\WINDOWS\system32\locator.exe
04:01:52.0860 2768 RpcLocator - ok
04:01:52.0907 2768 [ 7FDA594FEA090E1110E2CAEDBBB52F30 ] RpcSs C:\WINDOWS\System32\rpcss.dll
04:01:53.0016 2768 RpcSs - ok
04:01:53.0047 2768 [ DC3C8532614B66CDA851C70A6AF49A5D ] RSVP C:\WINDOWS\system32\rsvp.exe
04:01:53.0172 2768 RSVP - ok
04:01:53.0188 2768 [ 39726087F99C7775B2EA1F2990709817 ] SamSs C:\WINDOWS\system32\lsass.exe
04:01:53.0297 2768 SamSs - ok
04:01:53.0344 2768 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
04:01:53.0344 2768 SASDIFSV - ok
04:01:53.0360 2768 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
04:01:53.0376 2768 SASKUTIL - ok
04:01:53.0407 2768 [ 53D2EC94DCECFA4FA8E3415BA8787429 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
04:01:53.0532 2768 SCardSvr - ok
04:01:53.0563 2768 [ 316CE4BD8EE9DE841F8657A734A87FE7 ] Schedule C:\WINDOWS\system32\schedsvc.dll
04:01:53.0704 2768 Schedule - ok
04:01:53.0735 2768 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:01:53.0797 2768 Secdrv - ok
04:01:53.0844 2768 [ E53478792360C02BE4EFCFAF53DA319D ] seclogon C:\WINDOWS\System32\seclogon.dll
04:01:53.0938 2768 seclogon - ok
04:01:53.0969 2768 [ C4E551C58AC88ED3C97E48C698536AB9 ] SENS C:\WINDOWS\system32\sens.dll
04:01:54.0094 2768 SENS - ok
04:01:54.0126 2768 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
04:01:54.0219 2768 serenum - ok
04:01:54.0235 2768 [ F19E7D2F294AB71D41F6746D322CF0D3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
04:01:54.0376 2768 Serial - ok
04:01:54.0422 2768 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
04:01:54.0532 2768 Sfloppy - ok
04:01:54.0579 2768 [ 5E0564612C7593F7CD8572D5AB454B54 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
04:01:54.0719 2768 SharedAccess - ok
04:01:54.0735 2768 [ 3B8A4FFB1D0E36584429CB97F664FAE7 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
04:01:54.0860 2768 ShellHWDetection - ok
04:01:54.0860 2768 Simbad - ok
04:01:54.0907 2768 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
04:01:55.0001 2768 SLIP - ok
04:01:55.0016 2768 Sparrow - ok
04:01:55.0063 2768 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
04:01:55.0157 2768 splitter - ok
04:01:55.0188 2768 [ 977DB6827AD7C3EAA1F9E83A22483611 ] Spooler C:\WINDOWS\system32\spoolsv.exe
04:01:55.0313 2768 Spooler - ok
04:01:55.0360 2768 [ 196F0682F8857065163DB731A4A512B8 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
04:01:55.0407 2768 sr - ok
04:01:55.0454 2768 [ CA7225F8DF8D6D938EF7926499019D42 ] srservice C:\WINDOWS\system32\srsvc.dll
04:01:55.0501 2768 srservice - ok
04:01:55.0532 2768 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
04:01:55.0672 2768 Srv - ok
04:01:55.0704 2768 [ AEA7ED5320772DB5CB4AF0223EC8FC6D ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
04:01:55.0751 2768 SSDPSRV - ok
04:01:55.0813 2768 [ F8855A0B4EF72D4BF036A01DEA7F40BC ] stisvc C:\WINDOWS\system32\wiaservc.dll
04:01:55.0938 2768 stisvc - ok
04:01:55.0969 2768 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
04:01:56.0079 2768 streamip - ok
04:01:56.0110 2768 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
04:01:56.0204 2768 swenum - ok
04:01:56.0251 2768 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
04:01:56.0344 2768 swmidi - ok
04:01:56.0360 2768 SwPrv - ok
04:01:56.0376 2768 symc810 - ok
04:01:56.0376 2768 symc8xx - ok
04:01:56.0391 2768 sym_hi - ok
04:01:56.0407 2768 sym_u3 - ok
04:01:56.0438 2768 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
04:01:56.0579 2768 sysaudio - ok
04:01:56.0610 2768 [ E4A8FF6A62B4923F9FC5A01C376160B0 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
04:01:56.0704 2768 SysmonLog - ok
04:01:56.0751 2768 [ AF402D097422264C17F665362B0BEE0D ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
04:01:56.0876 2768 TapiSrv - ok
04:01:56.0938 2768 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:01:57.0047 2768 Tcpip - ok
04:01:57.0079 2768 [ 4D58BB1AE8841AAFD8790AD7E1E3B8EA ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
04:01:57.0219 2768 Tcpip6 - ok
04:01:57.0235 2768 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
04:01:57.0329 2768 TDPIPE - ok
04:01:57.0360 2768 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
04:01:57.0501 2768 TDTCP - ok
04:01:57.0516 2768 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
04:01:57.0641 2768 TermDD - ok
04:01:57.0672 2768 [ 8AF34B80AA02111D3368DB236C315281 ] TermService C:\WINDOWS\System32\termsrv.dll
04:01:57.0782 2768 TermService - ok
04:01:57.0813 2768 [ 3B8A4FFB1D0E36584429CB97F664FAE7 ] Themes C:\WINDOWS\System32\shsvcs.dll
04:01:57.0922 2768 Themes - ok
04:01:57.0954 2768 [ 348883489DCE53F86EFFE260F979A0B4 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
04:01:58.0001 2768 TlntSvr - ok
04:01:58.0016 2768 TosIde - ok
04:01:58.0032 2768 [ A3EE3AC916EAA0D650E6FBC20EA4E6D9 ] TrkWks C:\WINDOWS\system32\trkwks.dll
04:01:58.0157 2768 TrkWks - ok
04:01:58.0188 2768 [ 87A0E9E18C10A9E454238E3330E2A26D ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
04:01:58.0297 2768 tunmp - ok
04:01:58.0329 2768 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
04:01:58.0454 2768 Udfs - ok
04:01:58.0469 2768 ultra - ok
04:01:58.0501 2768 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
04:01:58.0547 2768 UMWdf - ok
04:01:58.0579 2768 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
04:01:58.0704 2768 Update - ok
04:01:58.0751 2768 [ 22C377DFE55DA6D9751895E18AAC6111 ] upnphost C:\WINDOWS\System32\upnphost.dll
04:01:58.0813 2768 upnphost - ok
04:01:58.0813 2768 [ DBFEAD87735F657C4A359FA2821D23B1 ] UPS C:\WINDOWS\System32\ups.exe
04:01:58.0938 2768 UPS - ok
04:01:58.0985 2768 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
04:01:59.0079 2768 usbaudio - ok
04:01:59.0110 2768 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
04:01:59.0219 2768 usbccgp - ok
04:01:59.0235 2768 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:01:59.0344 2768 usbehci - ok
04:01:59.0376 2768 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:01:59.0516 2768 usbhub - ok
04:01:59.0532 2768 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:01:59.0626 2768 usbscan - ok
04:01:59.0657 2768 [ 49106EE29074E6A3D3AC9E24C6D791D8 ] usbser C:\WINDOWS\system32\drivers\usbser.sys
04:01:59.0782 2768 usbser - ok
04:01:59.0797 2768 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:01:59.0907 2768 USBSTOR - ok
04:01:59.0938 2768 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
04:02:00.0047 2768 usbuhci - ok
04:02:00.0079 2768 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
04:02:00.0204 2768 VgaSave - ok
04:02:00.0235 2768 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
04:02:00.0344 2768 ViaIde - ok
04:02:00.0376 2768 [ B0FD6E31ED4ACD87EB852C5DAC27734A ] vmm C:\WINDOWS\system32\Drivers\vmm.sys
04:02:00.0407 2768 vmm - ok
04:02:00.0407 2768 [ 8B2E0FED00389A181EC2397143C0F6DB ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
04:02:00.0532 2768 VolSnap - ok
04:02:00.0547 2768 [ 2ABE8281DB609D8BB1BD1B2F93800D5F ] VPCNetS2 C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
04:02:00.0563 2768 VPCNetS2 - ok
04:02:00.0610 2768 [ EAF591B8CF0787EEBA08C43CC840304F ] VSS C:\WINDOWS\System32\vssvc.exe
04:02:00.0688 2768 VSS - ok
04:02:00.0735 2768 [ BEBCA93AC625039321444F7ACA6439BB ] W32Time C:\WINDOWS\system32\w32time.dll
04:02:00.0844 2768 W32Time - ok
04:02:00.0860 2768 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:02:00.0985 2768 Wanarp - ok
04:02:01.0047 2768 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
04:02:01.0094 2768 Wdf01000 - ok
04:02:01.0110 2768 WDICA - ok
04:02:01.0141 2768 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
04:02:01.0266 2768 wdmaud - ok
04:02:01.0297 2768 [ D93BE7C8C4F7514A8C94A7881B995250 ] WebClient C:\WINDOWS\System32\webclnt.dll
04:02:01.0422 2768 WebClient - ok
04:02:01.0485 2768 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
04:02:01.0485 2768 WinDefend - ok
04:02:01.0579 2768 [ 70666C75615E856312120EB4ED71B18C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
04:02:01.0704 2768 winmgmt - ok
04:02:01.0735 2768 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
04:02:01.0751 2768 WmdmPmSN - ok
04:02:01.0813 2768 [ 045C9FD3822764FD3655820B9154A7E8 ] Wmi C:\WINDOWS\System32\advapi32.dll
04:02:02.0016 2768 Wmi - ok
04:02:02.0063 2768 [ 53239057F5B85FE6AE29C95C5F7A29D1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
04:02:02.0172 2768 WmiApSrv - ok
04:02:02.0204 2768 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
04:02:02.0235 2768 WpdUsb - ok
04:02:02.0329 2768 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
04:02:02.0407 2768 WPFFontCache_v0400 - ok
04:02:02.0454 2768 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
04:02:02.0563 2768 WS2IFSL - ok
04:02:02.0594 2768 [ EDFDA9BB9B808008999F328FD2E17C5E ] wscsvc C:\WINDOWS\system32\wscsvc.dll
04:02:02.0735 2768 wscsvc - ok
04:02:02.0766 2768 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
04:02:02.0860 2768 WSTCODEC - ok
04:02:02.0891 2768 [ 6136C6E594AC3CAEB789E8092699688C ] wuauserv C:\WINDOWS\system32\wuauserv.dll
04:02:03.0001 2768 wuauserv - ok
04:02:03.0047 2768 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
04:02:03.0079 2768 WudfPf - ok
04:02:03.0110 2768 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
04:02:03.0126 2768 WudfRd - ok
04:02:03.0157 2768 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
04:02:03.0188 2768 WudfSvc - ok
04:02:03.0235 2768 [ 16BCEBAB57C9DFE8FAE1FD2F811350A1 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
04:02:03.0391 2768 WZCSVC - ok
04:02:03.0422 2768 [ 899DE43D1086753C0E8DDED16057FDA2 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
04:02:03.0532 2768 xmlprov - ok
04:02:03.0563 2768 ================ Scan global ===============================
04:02:03.0610 2768 [ 1FA52C2A23B850D99276D30524C10CA5 ] C:\WINDOWS\system32\basesrv.dll
04:02:03.0626 2768 [ 56A8C138ED3ACB5A9546E0490A80E504 ] C:\WINDOWS\system32\winsrv.dll
04:02:03.0657 2768 [ 56A8C138ED3ACB5A9546E0490A80E504 ] C:\WINDOWS\system32\winsrv.dll
04:02:03.0672 2768 [ C2F8F8343435FC080C2DE25A410E09E8 ] C:\WINDOWS\system32\services.exe
04:02:03.0672 2768 [Global] - ok
04:02:03.0672 2768 ================ Scan MBR ==================================
04:02:03.0704 2768 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
04:02:04.0047 2768 \Device\Harddisk0\DR0 - ok
04:02:04.0047 2768 ================ Scan VBR ==================================
04:02:04.0063 2768 [ 391DEBDCCAD2C0BF943EE4CA4A312B2A ] \Device\Harddisk0\DR0\Partition1
04:02:04.0063 2768 \Device\Harddisk0\DR0\Partition1 - ok
04:02:04.0063 2768 ============================================================
04:02:04.0063 2768 Scan finished
04:02:04.0063 2768 ============================================================
04:02:04.0172 0680 Detected object count: 3
04:02:04.0172 0680 Actual detected object count: 3
04:02:12.0938 0680 ABIT-IO ( UnsignedFile.Multi.Generic ) - skipped by user
04:02:12.0938 0680 ABIT-IO ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:02:12.0938 0680 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
04:02:12.0938 0680 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:02:12.0954 0680 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
04:02:12.0954 0680 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:02:16.0266 2080 Deinitialize success

-------------------------------------------------------



MBAM log:

-------------------------------------------------------

Malwarebytes Anti-Malware (Kokeiluversio) 1.62.0.1300
www.malwarebytes.org

Tietokantaversio: v2012.09.09.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
tilapainen :: EMT-F8A04F66186 [järjestelmänvalvoja]

Suojaus: Käytössä

10.9.2012 4:04:45
mbam-log-2012-09-10 (05-57-05).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos | Vertaisverkko (Peer-to-Peer)
Käytöstä poistetut tarkistusvalinnat:
Tarkistettuja kohteita: 472495
Kulunut aika: 1 tunti(a), 52 minuutti(a), 15 sekunti(a)

Epäilyttäviä muistiprosesseja: 0
(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 1
HKCU\SOFTWARE\32 Vegas Casino (Adware.21Nova) -> Toimintoja ei suoritettu.

Epäilyttäviä rekisteriarvoja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0
(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 0
(Ei haitallisia kohteita)

Epäilyttäviä tiedostoja: 0
(Ei haitallisia kohteita)

(loppu)

------------------------------------------------



Events log:

------------------------------------------------

System:

Type: Information
Source: EventLog
Class: None
ID: 6006
Time: 06:08:12
User: -
Computer: EMT-F8A04F66186
Description:
Eventlog service has been stopped.

Type: Information
Source: EventLog
Class: None
ID: 6009
Time: 06:09:11
User: -
Computer: EMT-F8A04F66186
Description:
Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

Type: Information
Source: EventLog
Class: None
ID: 6009
Time: 06:09:11
User: -
Computer: EMT-F8A04F66186
Description:
Eventlog was started.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:15
User: NT-HALLINTA\SYSTEM
Computer: EMT-F8A04F66186
Description:
Service NLA (Network Location Awareness) has been requested to start.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:15
User: -
Computer: EMT-F8A04F66186
Description:
Service NLA (Network Location Awareness) was started.

Type: Information
Source: redbook
Class: None
ID: 10
Time: 06:08:53
User: -
Computer: EMT-F8A04F66186
Description:
This device does not appear to support replaying digital sound.

Information:
0000: ff 00 04 00 01 00 5c 00 ÿ.....\.
0008: 00 00 00 00 0a 00 ff 4f ......ÿO
0010: 00 00 00 00 00 00 00 00 ........
0018: 01 00 00 00 ff ff ff ff ....ÿÿÿÿ
0020: 00 00 00 00 00 00 00 00 ........
0028: 01 00 00 00 ....

Type: Information
Source: Tcpip6
Class: None
ID: 3100
Time: 06:08:58
User: -
Computer: EMT-F8A04F66186
Description:
Microsoft IPv6 Developer Edition driver was started.

Information:
0000: 00 00 00 00 01 00 56 00 ......V.
0008: 00 00 00 00 1c 0c 00 40 .......@
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Type: Information
Source: Service Control Manager
Class: None
ID: 7036
Time: 06:09:32
User: -
Computer: EMT-F8A04F66186
Description:
TermServices was started.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:32
User: NT-HALLINTA\SYSTEM
Computer: EMT-F8A04F66186
Description:
Fast User Switch Compatibility service was requested to start.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:32
User: -
Computer: EMT-F8A04F66186
Description:
Fast User Switch Compatibility service was started.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:32
User: NT-HALLINTA\SYSTEM
Computer: EMT-F8A04F66186
Description:
Service ALG was requested to start.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:32
User:
Computer: EMT-F8A04F66186
Description:
Service Application Layer Gateway was started.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:09:32
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:34
User: NT-HALLINTA\SYSTEM
Computer: EMT-F8A04F66186
Description:
Service SSDP (Simple Service Discovery Protocol) was requested to start.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:34
User: -
Computer: EMT-F8A04F66186
Description:
Service SSDP (Simple Service Discovery Protocol) was started.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:35
User: NT-HALLINTA\SYSTEM
Computer: EMT-F8A04F66186
Description:
Service IP Traffic Filter Driver was requested to start.

Type: Error
Source: Service Control Manager
Class: None
ID: 7000
Time: 06:09:35
User: -
Computer: EMT-F8A04F66186
Description:
Service pgfilter could not be started. Errorcode is:
Defined file could not be found.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:09:35
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:09:36
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Information
Source: Service Control Manager
Class: None
ID: 7035
Time: 06:09:48
User: NT-HALLINTA\SYSTEM
Computer: EMT-F8A04F66186
Description:
Service IP Traffic Filter Driver was requested to start.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:14:30
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:16:47
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:16:49
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:16:51
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:19:45
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:25:01
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:30:16
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:35:32
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.

Type: Error
Source: Service Control Manager
Class: None
ID: 7001
Time: 06:40:48
User: -
Computer: EMT-F8A04F66186
Description:
Service Remote Access Connection Manager (RAS) is dependent on the service Telephony, which failed to start due to an error:
Service could not be started because it has been disabled.



Application:

Type: Information
Source: ATI Smart
Class: None
ID: 105
Time: 06:09:14
User: -
Computer: EMT-F8A04F66186
Description:
The service was started.

Type: Information
Source: SecurityCenter
Class: None
ID: 1800
Time: 06:09:15
User: -
Computer: EMT-F8A04F66186
Description:
Windows Security Center service was started.

Type: Information
Source: ESENT
Class: General
ID: 100
Time: 06:10:02
User: -
Computer: EMT-F8A04F66186
Description:
wuauclt (3248) The database engine 5.01.2600.2180 started.

Type: Information
Source: ESENT
Class: General
ID: 102
Time: 06:10:02
User: -
Computer: EMT-F8A04F66186
Description:
wuaueng.dll (3248) SUS20ClientDataStore: The database engine started a new instance (0).

Type: Information
Source: ESENT
Class: General
ID: 103
Time: 06:10:03
User: -
Computer: EMT-F8A04F66186
Description:
wuaueng.dll (3248) SUS20ClientDataStore: The database engine stopped the instance (0).

Type: Information
Source: ESENT
Class: General
ID: 101
Time: 06:15:03
User: -
Computer: EMT-F8A04F66186
Description:
wuauclt (3248) The database engine stopped.

--------------------------------------------------------



OTL log 2:

--------------------------------------------------------

OTL logfile created on: 10.9.2012 6:50:23 - Run 4
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Documents and Settings\tilapainen\Työpöytä\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1022,48 Mb Total Physical Memory | 490,05 Mb Available Physical Memory | 47,93% Memory free
2,40 Gb Paging File | 1,88 Gb Available in Paging File | 78,10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,29 Gb Free Space | 77,35% Space Free | Partition Type: NTFS

Computer Name: EMT-F8A04F66186 | User Name: tilapainen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.09 03:57:20 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tilapainen\Työpöytä\OTL\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.12 00:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012.03.12 00:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011.12.20 18:12:18 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010.05.07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007.04.19 20:33:01 | 000,271,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2005.01.10 05:36:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004.09.15 15:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.09.15 15:00:00 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.19 21:59:43 | 000,068,424 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008.03.25 19:58:06 | 000,408,064 | ---- | M] () -- C:\Program Files\TrojanHunter 5.1\contmenu.dll
MOD - [2007.06.03 10:05:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2007.06.03 10:04:14 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2007.05.22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012.08.25 05:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.12 00:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011.12.20 18:12:18 | 000,068,896 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011.08.12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2009.12.01 20:43:02 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\TILAPA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.12 00:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.03.12 00:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.03.12 00:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012.03.12 00:13:43 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2011.07.22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.05.15 01:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010.05.15 01:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.05.15 01:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.05.15 01:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.04.09 16:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.25 11:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 12:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.20 11:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.07.02 14:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.02.12 03:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008.02.09 04:40:41 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.02.05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.26 14:55:04 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2007.09.08 02:48:56 | 000,096,704 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007.08.16 17:26:12 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.08.16 17:26:10 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2005.11.04 11:14:22 | 000,033,408 | ---- | M] (IC Plus Corp. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipgdnd51.sys -- (ipgd)
DRV - [2005.01.11 20:17:04 | 002,306,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.09.15 15:00:00 | 000,223,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2004.09.10 12:15:00 | 000,007,680 | ---- | M] (ABIT Computer Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ABIT-IO.SYS -- (ABIT-IO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 E7 D3 6B 0A 7F CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: J:\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\tilapainen\Application Data\Octoshape\Octoshape Streaming Services\sua-0910050-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\tilapainen\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\tilapainen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 20:24:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 21:05:11 | 000,000,000 | ---D | M]

[2008.09.06 14:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Extensions
[2012.09.09 21:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions
[2008.01.26 22:37:43 | 000,000,000 | ---D | M] (chinup) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{28fe3db0-1945-11db-a98b-0800200c9a66}
[2012.03.30 15:59:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.08.15 22:19:56 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16}
[2012.08.18 01:18:34 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\extensions\[email protected]
[2012.09.09 21:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.25 05:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 05:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 05:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012.09.10 03:49:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Luotettavat sivustot)
O15 - HKCU\..Trusted Domains: live.com ([]* in Luotettavat sivustot)
O15 - HKCU\..Trusted Domains: msn.com ([]* in Luotettavat sivustot)
O15 - HKCU\..Trusted Domains: passport.com ([]* in Luotettavat sivustot)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {59DBDDA6-9A80-42A4-B824-9BC50CC172F5} http://www.programch...m/dll/nixon.cab (Zenturi ConfigMgrEx Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} http://playple.com/v...ab/SLViewer.cab (SLViewer Control)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tilapainen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.04.01 22:19:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Bonjour Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users.WINDOWS^Käynnistä-valikko^Ohjelmat^Käynnistys^Start GeekBuddy.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^tilapainen^Käynnistä-valikko^Ohjelmat^Käynnistys^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: AntiLogger - hkey= - key= - C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
MsConfig - StartUpReg: DAEMON Tools-1033 - hkey= - key= - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: openvpn-gui - hkey= - key= - C:\Program Files\SurfBouncer OpenVPN\bin\openvpn-gui.exe ()
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: ZemanaAntiMalware - hkey= - key= - C:\Program Files\Zemana AntiMalware\ZemanaAntiMalware.exe (Zemana)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: hitmanpro36 - Reg Error: Value error.
SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08E05FA4-4370-3862-B199-5CD0420910E5} - .NET Framework
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynaamisen HTML:n tietosidonta Javaa varten
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline-selauspaketti
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Kehittynyt sisältötuottaminen
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Ohje
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation-Java-luokat
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorerin asennustyökalut
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Selainlaajennukset
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN-sivuston käyttö
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynaamisen HTML:n tietosidonta
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorerin perusfontit
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Tehtävien ajoitus
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Ohje
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.X264 - C:\WINDOWS\System32\x264vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.09.10 03:55:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.09.10 03:24:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.09.10 03:19:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.09.10 03:19:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.09.10 03:19:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.09.10 03:19:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.09.10 03:19:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.10 03:19:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.09 21:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\OTL
[2012.09.09 21:05:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.09 20:54:30 | 004,747,716 | R--- | C] (Swearware) -- C:\Documents and Settings\tilapainen\Työpöytä\ComboFix.exe
[2012.09.09 20:54:30 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\tilapainen\Työpöytä\aswMBR.exe
[2012.09.09 20:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\polt
[2012.09.09 20:32:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tilapainen\Recent
[2012.09.09 05:23:39 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\tilapainen\Työpöytä\OTL.exe
[2012.09.07 07:19:29 | 002,306,304 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2012.09.07 00:25:16 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2012.09.06 05:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\ProcessMonitor
[2012.09.06 05:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\apps
[2012.09.01 06:55:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.09.01 06:50:48 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012.09.01 06:50:48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012.09.01 06:50:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2012.09.01 06:50:46 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2012.09.01 06:50:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2012.09.01 06:50:44 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2012.09.01 06:50:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2012.09.01 06:50:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2012.09.01 06:50:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2012.09.01 06:50:43 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012.09.01 06:50:32 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2012.09.01 06:50:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012.09.01 06:50:28 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012.09.01 06:50:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2012.09.01 06:50:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012.09.01 06:50:27 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012.09.01 06:50:27 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012.09.01 06:50:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012.09.01 06:50:26 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012.09.01 06:50:26 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012.09.01 06:50:26 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012.09.01 06:50:23 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2012.09.01 06:50:22 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2012.09.01 06:50:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2012.09.01 06:50:21 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012.09.01 06:50:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2012.09.01 06:50:17 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2012.09.01 06:50:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2012.09.01 06:50:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012.09.01 06:50:17 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2012.09.01 06:50:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012.09.01 06:50:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2012.09.01 06:50:16 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2012.09.01 06:50:16 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2012.09.01 06:50:16 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2012.09.01 06:50:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2012.09.01 06:50:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012.09.01 06:50:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012.09.01 06:50:14 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012.09.01 06:50:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012.09.01 06:50:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012.09.01 06:50:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012.09.01 06:50:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012.09.01 06:50:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012.09.01 06:50:13 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012.09.01 06:50:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012.09.01 06:50:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012.09.01 06:50:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012.09.01 06:50:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012.09.01 06:50:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012.09.01 06:50:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012.09.01 06:50:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012.09.01 06:50:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012.09.01 06:50:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012.09.01 06:50:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012.09.01 06:49:59 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012.09.01 06:49:59 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012.09.01 06:49:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012.09.01 06:49:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2012.09.01 06:49:55 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012.09.01 06:49:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012.09.01 06:49:52 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2012.09.01 06:49:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012.09.01 06:49:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012.09.01 06:49:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2012.09.01 06:49:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012.09.01 06:49:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012.09.01 06:49:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012.09.01 06:49:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012.09.01 06:49:46 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012.09.01 06:49:46 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012.09.01 06:49:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2012.09.01 06:49:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2012.09.01 06:49:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012.09.01 06:49:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2012.09.01 06:49:33 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2012.09.01 06:49:27 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2012.09.01 06:49:10 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012.09.01 06:49:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2012.09.01 06:49:09 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012.09.01 06:49:09 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2012.09.01 06:49:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2012.09.01 06:49:08 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2012.09.01 06:49:07 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012.09.01 06:49:06 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2012.09.01 06:49:06 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2012.09.01 06:49:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2012.09.01 06:49:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2012.09.01 06:49:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2012.09.01 06:49:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012.09.01 06:49:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012.09.01 06:49:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012.09.01 06:49:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012.09.01 06:49:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012.09.01 06:25:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012.09.01 06:25:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012.09.01 06:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012.09.01 06:25:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012.09.01 01:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\test
[2012.09.01 00:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\HitmanPro
[2012.09.01 00:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.09.01 00:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2012.08.31 22:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Application Data\SUPERAntiSpyware.com
[2012.08.31 22:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2012.08.31 22:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.08.31 22:23:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.08.31 21:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012.08.31 21:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Seagate
[2012.08.31 21:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012.08.31 21:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\Autoruns
[2012.08.31 21:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.08.31 20:59:23 | 050,449,456 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\dotNetFx40_Full_x86_x64.exe
[2012.08.31 20:51:55 | 007,758,424 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\tilapainen\Työpöytä\HitmanPro36.exe
[2012.08.31 20:51:10 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tilapainen\Työpöytä\tdsskiller.exe
[2012.08.31 20:50:53 | 019,519,528 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpyware.exe
[2012.08.31 20:50:45 | 019,519,728 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpywarePro.exe
[2012.08.31 15:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\CrystalDiskInfo
[2012.08.31 15:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012.08.31 15:15:04 | 003,103,776 | ---- | C] (Crystal Dew World ) -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo5_0_3Shizuku-en.exe
[2012.08.31 15:14:59 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.08.30 20:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Application Data\Malwarebytes
[2012.08.30 20:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Malwarebytes' Anti-Malware
[2012.08.30 20:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012.08.30 20:38:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.08.30 20:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.30 20:29:31 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-setup-1.62.0.1300.exe
[2012.08.30 20:29:31 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-clean-1.60.2.0003.exe
[2012.08.30 19:54:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\tilapainen\Käynnistä-valikko\Ohjelmat\Valvontatyökalut
[2012.08.30 19:54:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.08.30 07:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.08.29 23:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Omat tiedostot
[2012.08.29 23:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Työpöytä\Downloads
[2012.08.15 00:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.10 06:48:49 | 000,011,088 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\events.rtf
[2012.09.10 06:40:00 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 86a31f33-2771-40e0-bf19-220dfd227e8c.job
[2012.09.10 06:09:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.10 06:09:09 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012.09.10 06:07:38 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\2.evt
[2012.09.10 06:07:21 | 000,589,824 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\1.evt
[2012.09.10 06:07:08 | 000,524,200 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\sys event application log.evt
[2012.09.10 06:06:57 | 000,394,052 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\sys event log.evt
[2012.09.10 06:06:10 | 000,140,667 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\syst.csv
[2012.09.10 03:49:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.10 03:24:34 | 000,000,338 | RHS- | M] () -- C:\boot.ini
[2012.09.10 02:54:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\MBR.dat
[2012.09.10 02:42:51 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.09 23:46:49 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012.09.09 08:38:20 | 000,013,581 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\ohjeet.rtf
[2012.09.09 08:37:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\tilapainen\Työpöytä\aswMBR.exe
[2012.09.09 08:33:38 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\tilapainen\Työpöytä\VEW.exe
[2012.09.09 08:32:00 | 004,747,716 | R--- | M] (Swearware) -- C:\Documents and Settings\tilapainen\Työpöytä\ComboFix.exe
[2012.09.09 03:57:20 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\tilapainen\Työpöytä\OTL.exe
[2012.09.07 09:59:30 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.06 07:35:58 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SeaTools for Windows.lnk
[2012.09.05 23:32:21 | 005,836,954 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\AutoRuns log.arn
[2012.09.03 22:32:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\ws8rc1kx.exe
[2012.09.01 06:59:07 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\tilapainen\Application Data\Microsoft\Internet Explorer\Quick Launch\Käynnistä Internet Explorer -selain.lnk
[2012.09.01 06:58:56 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012.09.01 06:57:12 | 000,496,486 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.01 06:57:12 | 000,472,338 | ---- | M] () -- C:\WINDOWS\System32\perfh00B.dat
[2012.09.01 06:57:12 | 000,102,616 | ---- | M] () -- C:\WINDOWS\System32\perfc00B.dat
[2012.09.01 06:57:12 | 000,085,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.01 06:54:57 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.09.01 06:52:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012.09.01 06:46:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012.09.01 06:46:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.09.01 06:46:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.09.01 06:46:07 | 000,004,381 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012.09.01 06:42:45 | 000,022,736 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.09.01 06:40:21 | 000,000,222 | ---- | M] () -- C:\Boot.bak
[2012.09.01 05:29:41 | 000,054,949 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2012.09.01 02:32:20 | 000,000,000 | ---- | M] () -- C:\WindowsLiveMessenger-uccapi-0.uccapilog
[2012.09.01 00:59:31 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\HitmanPro.lnk
[2012.08.31 22:39:05 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SUPERAntiSpyware Professional.lnk
[2012.08.31 21:07:09 | 000,537,139 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\Autoruns.zip
[2012.08.31 21:00:05 | 050,449,456 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\dotNetFx40_Full_x86_x64.exe
[2012.08.31 20:52:01 | 007,758,424 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\tilapainen\Työpöytä\HitmanPro36.exe
[2012.08.31 20:51:29 | 019,519,528 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpyware.exe
[2012.08.31 20:51:23 | 019,519,728 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\tilapainen\Työpöytä\SUPERAntiSpywarePro.exe
[2012.08.31 20:51:22 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\tilapainen\Työpöytä\tdsskiller.exe
[2012.08.31 20:50:26 | 021,476,536 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\SeaToolsforWindowsSetup-1206.exe
[2012.08.31 20:49:51 | 000,130,247 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\bluescreenview_setup.exe
[2012.08.31 15:18:58 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo.lnk
[2012.08.31 15:15:29 | 003,103,776 | ---- | M] (Crystal Dew World ) -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo5_0_3Shizuku-en.exe
[2012.08.30 20:38:32 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\tilapainen\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.08.30 20:38:32 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\Malwarebytes Anti-Malware.lnk
[2012.08.30 20:27:06 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-setup-1.62.0.1300.exe
[2012.08.30 20:26:28 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\tilapainen\Työpöytä\mbam-clean-1.60.2.0003.exe
[2012.08.30 20:24:38 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\Mozilla Firefox.lnk
[2012.08.26 03:28:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.08.15 17:57:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.10 06:15:04 | 000,011,088 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\events.rtf
[2012.09.10 06:07:37 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\2.evt
[2012.09.10 06:07:21 | 000,589,824 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\1.evt
[2012.09.10 06:07:08 | 000,524,200 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\sys event application log.evt
[2012.09.10 06:06:57 | 000,394,052 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\sys event log.evt
[2012.09.10 06:06:09 | 000,140,667 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\syst.csv
[2012.09.10 03:24:34 | 000,000,222 | ---- | C] () -- C:\Boot.bak
[2012.09.10 03:24:15 | 000,260,352 | RHS- | C] () -- C:\cmldr
[2012.09.10 03:19:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.10 03:19:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.10 03:19:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.10 03:19:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.10 03:19:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.10 02:54:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\MBR.dat
[2012.09.09 20:54:30 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\tilapainen\Työpöytä\VEW.exe
[2012.09.09 20:54:30 | 000,013,581 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\ohjeet.rtf
[2012.09.08 00:33:19 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\ws8rc1kx.exe
[2012.09.05 23:32:16 | 005,836,954 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\AutoRuns log.arn
[2012.09.01 06:48:48 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012.09.01 06:48:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012.09.01 06:47:53 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012.09.01 06:25:28 | 001,014,139 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012.09.01 06:25:28 | 000,809,684 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012.09.01 06:25:28 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012.09.01 06:25:28 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012.09.01 06:25:28 | 000,102,826 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012.09.01 06:25:28 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012.09.01 06:25:28 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012.09.01 06:25:28 | 000,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012.09.01 06:25:28 | 000,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012.09.01 06:25:28 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012.09.01 06:25:28 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012.09.01 06:25:28 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012.09.01 06:25:28 | 000,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012.09.01 06:25:28 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012.09.01 06:25:27 | 001,895,804 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012.09.01 06:25:27 | 000,620,210 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012.09.01 05:14:40 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 86a31f33-2771-40e0-bf19-220dfd227e8c.job
[2012.09.01 02:23:17 | 000,000,000 | ---- | C] () -- C:\WindowsLiveMessenger-uccapi-0.uccapilog
[2012.09.01 00:59:31 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\HitmanPro.lnk
[2012.08.31 22:39:05 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SUPERAntiSpyware Professional.lnk
[2012.08.31 21:35:50 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\SeaTools for Windows.lnk
[2012.08.31 21:07:00 | 000,537,139 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\Autoruns.zip
[2012.08.31 20:50:08 | 021,476,536 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\SeaToolsforWindowsSetup-1206.exe
[2012.08.31 20:49:46 | 000,130,247 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\bluescreenview_setup.exe
[2012.08.31 15:18:58 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\tilapainen\Työpöytä\CrystalDiskInfo.lnk
[2012.08.31 00:58:44 | 000,054,949 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2012.08.30 20:38:32 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\tilapainen\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012.08.30 20:38:32 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Työpöytä\Malwarebytes Anti-Malware.lnk
[2012.02.16 21:21:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.08 19:08:38 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2011.10.24 12:49:28 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011.07.13 07:20:04 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011.07.11 22:47:08 | 000,268,952 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.07.11 22:46:57 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009.07.06 21:23:40 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\d3d9caps.dat
[2008.10.26 20:05:41 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\tilapainen\userprefs.prop
[2008.01.26 16:49:28 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\tilapainen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.25 14:51:54 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\.zreglib
[2006.04.03 16:50:45 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3160023A
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 149,00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007.07.18 12:09:19 | 000,678,680 | ---- | M] (BillP Studios) -- C:\wpsetup.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2007.07.18 12:09:19 | 000,678,680 | ---- | M] (BillP Studios) -- C:\wpsetup.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2008.08.10 03:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\.purple
[2012.08.31 00:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Adobe
[2010.08.23 22:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Apple Computer
[2010.01.25 23:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\ATI
[2008.09.20 19:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Canneverbe_Limited
[2008.03.04 01:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\CyberLink
[2009.02.21 02:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Darkfall
[2012.02.02 18:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Downloaded Installations
[2009.01.28 17:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Hamachi
[2009.04.02 18:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Help
[2008.01.26 16:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Identities
[2011.01.06 04:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Leadertech
[2009.09.25 22:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Livestation
[2011.05.09 22:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Logitech
[2008.01.26 16:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Macromedia
[2012.08.30 20:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Malwarebytes
[2009.09.25 22:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Mchid
[2008.02.01 15:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Media Player Classic
[2012.08.31 00:49:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\tilapainen\Application Data\Microsoft
[2011.12.10 00:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Mount&Blade Warband
[2008.09.06 14:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Mozilla
[2010.08.05 21:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Mozilla-Cache
[2008.01.27 20:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\NetMedia Providers
[2012.02.02 18:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Nitro PDF
[2009.03.04 01:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Nokia
[2009.02.06 19:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Nseries
[2009.11.13 06:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Octoshape
[2012.05.08 22:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\OpenOffice.org
[2012.06.05 17:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Oracle
[2009.02.06 19:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\PC Suite
[2008.12.20 20:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\PC Tools
[2008.12.21 00:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\PCToolsFirewallPlus
[2010.11.20 19:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\PPLive
[2008.01.27 20:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Publish Providers
[2011.08.13 02:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Real
[2011.05.08 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\ReaSoft
[2009.06.13 20:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\ScanSpyware
[2009.01.23 04:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\SiteAdvisor
[2008.01.27 20:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Sonic Foundry
[2008.01.26 22:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Sun
[2012.08.31 22:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\SUPERAntiSpyware.com
[2009.05.07 21:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\TrojanHunter
[2008.01.27 00:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\Ventrilo
[2012.01.02 23:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\vlc
[2009.05.08 17:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\WinPatrol
[2008.01.26 22:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tilapainen\Application Data\WinRAR

< MD5 for: ATAPI.SYS >
[2004.09.15 15:00:00 | 018,779,439 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\atapi.sys
[2004.09.15 15:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004.09.15 15:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008.04.14 19:12:06 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=453FD77FF9BEAC8A22F04D68BED53F5E -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\csrss.exe
[2004.09.15 15:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=4EE3B89AC15BC7C19E67B05FC1B1ED57 -- C:\WINDOWS\system32\csrss.exe
[2004.09.15 15:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=4EE3B89AC15BC7C19E67B05FC1B1ED57 -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008.04.14 19:12:11 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=0C35F47295002F8A06419744E945D670 -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\explorer.exe
[2004.09.15 15:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=43C0B3D357F319875A51BC111F393147 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004.09.15 15:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=43C0B3D357F319875A51BC111F393147 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2004.09.15 15:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=43C0B3D357F319875A51BC111F393147 -- C:\WINDOWS\explorer.exe
[2004.09.15 15:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=43C0B3D357F319875A51BC111F393147 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007.06.13 16:10:34 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=FB53C3B1E17F62E8FCB07CAAF4C4272E -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008.06.20 20:44:04 | 000,246,784 | ---- | M] (Microsoft Corporation) MD5=341A965B8EC54059D71D176FBE9AF56B -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008.06.20 20:44:04 | 000,246,784 | ---- | M] (Microsoft Corporation) MD5=341A965B8EC54059D71D176FBE9AF56B -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[2004.09.15 15:00:00 | 000,246,784 | ---- | M] (Microsoft Corporation) MD5=5981BE8B1C04A740662D088A82E11F4A -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2004.09.15 15:00:00 | 000,246,784 | ---- | M] (Microsoft Corporation) MD5=5981BE8B1C04A740662D088A82E11F4A -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2004.09.15 15:00:00 | 000,246,784 | ---- | M] (Microsoft Corporation) MD5=5981BE8B1C04A740662D088A82E11F4A -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2004.09.15 15:00:00 | 000,246,784 | ---- | M] (Microsoft Corporation) MD5=5981BE8B1C04A740662D088A82E11F4A -- C:\WINDOWS\system32\mswsock.dll
[2008.06.20 20:37:17 | 000,246,784 | ---- | M] (Microsoft Corporation) MD5=7A47170DC2348F75B61FF6133D437A9E -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2008.04.14 19:11:42 | 000,246,784 | ---- | M] (Microsoft Corporation) MD5=B2925F88C80FA377A5F00336C30356FA -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\mswsock.dll
[2008.06.20 20:47:56 | 000,246,784 | ---- | M] (Microsoft Corporation) MD5=D0C581F6B33C327010E68418DCE3E3D2 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2006.10.13 15:42:45 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=22B8FEF1C19FD72B99CB602A0C0A5AB3 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
[2004.09.15 15:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=26D9E4056A3E877CA242BD0CD73B2102 -- C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
[2004.09.15 15:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=26D9E4056A3E877CA242BD0CD73B2102 -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2004.09.15 15:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=26D9E4056A3E877CA242BD0CD73B2102 -- C:\WINDOWS\system32\nwprovau.dll
[2008.04.14 19:11:42 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=6ED836723F647EBE49B1DD2696928150 -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004.09.15 15:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=3D0DFB0DD07EBA5CF08E662F592F3C5C -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2004.09.15 15:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=3D0DFB0DD07EBA5CF08E662F592F3C5C -- C:\WINDOWS\system32\pnrpnsp.dll
[2008.04.14 19:11:45 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=995348F67FDCBC201E5E7E397C69D828 -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 12:53:26 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=03B62ED6130421EB6D3144BE834FE31A -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009.02.09 14:25:06 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=BE4CA1A36621248590E80713CFDF20D2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2004.09.15 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=C2F8F8343435FC080C2DE25A410E09E8 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2004.09.15 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=C2F8F8343435FC080C2DE25A410E09E8 -- C:\WINDOWS\erdnt\cache\services.exe
[2004.09.15 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=C2F8F8343435FC080C2DE25A410E09E8 -- C:\WINDOWS\system32\dllcache\services.exe
[2004.09.15 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=C2F8F8343435FC080C2DE25A410E09E8 -- C:\WINDOWS\system32\services.exe
[2008.04.14 19:12:27 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=E473263067492FC77F7690D4112CAF16 -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\services.exe
[2009.02.09 14:17:42 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=F679920A924E8435805916C092395732 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

< MD5 for: SVCHOST.EXE >
[2004.09.15 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=34C8D42B876703B3ABF0562307428561 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2004.09.15 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=34C8D42B876703B3ABF0562307428561 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.09.15 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=34C8D42B876703B3ABF0562307428561 -- C:\WINDOWS\system32\svchost.exe
[2008.04.14 19:12:29 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=6138D30346CF435D2BF32CBC1437F625 -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\svchost.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 19:12:31 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=3A5773B946C1B4F0DB1B48A5D8E1D562 -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\userinit.exe
[2004.09.15 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=6484E1ECD8BE4011D74FE68A761798FD -- C:\WINDOWS\erdnt\cache\userinit.exe
[2004.09.15 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=6484E1ECD8BE4011D74FE68A761798FD -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.09.15 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=6484E1ECD8BE4011D74FE68A761798FD -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.09.15 15:00:00 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=5F0714B1447DC0262789C3CC43752418 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2004.09.15 15:00:00 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=5F0714B1447DC0262789C3CC43752418 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.09.15 15:00:00 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=5F0714B1447DC0262789C3CC43752418 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 19:12:33 | 000,508,416 | ---- | M] (Microsoft Corporation) MD5=76B238743BE82D4CAE1B7C95C898B6B6 -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004.09.15 15:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=186C9661A792CD2CF0CBEB455A927E6B -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2004.09.15 15:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=186C9661A792CD2CF0CBEB455A927E6B -- C:\WINDOWS\system32\winrnr.dll
[2008.04.14 19:11:57 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=F09D3F662857007669F55ABEECDD2C99 -- C:\WINDOWS\SoftwareDistribution\Download\10eb48da774358af515ae0151f383586\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.08.25 05:01:06 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.08.25 05:01:06 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.08.25 05:01:06 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.08.25 05:00:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.08.25 05:00:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.08.25 05:00:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004.09.15 15:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004.09.15 15:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004.09.15 15:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2004.09.15 15:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004.09.15 15:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.08.25 05:01:06 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.08.25 05:01:06 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.08.25 05:01:06 | 000,883,864 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.08.25 05:00:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.08.25 05:00:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.08.25 05:00:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004.09.15 15:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004.09.15 15:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004.09.15 15:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2004.09.15 15:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004.09.15 15:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

-------------------------------------------------------------------



OTL Extras:

-------------------------------------------------------------------

OTL Extras logfile created on: 10.9.2012 6:50:23 - Run 4
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Documents and Settings\tilapainen\Työpöytä\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1022,48 Mb Total Physical Memory | 490,05 Mb Available Physical Memory | 47,93% Memory free
2,40 Gb Paging File | 1,88 Gb Available in Paging File | 78,10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 115,29 Gb Free Space | 77,35% Space Free | Partition Type: NTFS

Computer Name: EMT-F8A04F66186 | User Name: tilapainen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Warcraft III\Warcraft III.exe" = C:\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- (Blizzard Entertainment)
"C:\Pelit\Wolfenstein - Enemy Territory\ET.exe" = C:\Pelit\Wolfenstein - Enemy Territory\ET.exe:*:Disabled:ET -- ()
"C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Disabled:Google Talk Plugin -- (Google)
"C:\Program Files\PPLive\PPLive.exe" = C:\Program Files\PPLive\PPLive.exe:*:Disabled:PPLive -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0468A4CF-069D-86B6-84BD-F8E4F86E2631}" = Catalyst Control Center Graphics Previews Common
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08E05FA4-4370-3862-B199-5CD0420910E5}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FIN
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Liven lataustyökalu
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25B9C7BE-5CFD-6173-D3E1-6E4C9EBD8658}" = Catalyst Control Center Graphics Light
"{26999308-FF96-5FBF-B2DB-12E66346FA3A}" = CCC Help German
"{2927733E-A961-BA53-03C5-03774A081030}" = ccc-core-static
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{2A38B5AA-EA84-4F87-9937-2FB23982243A}" = Sonic Foundry ACID 4.0
"{30148775-0642-7507-58EA-3CDB7E828BA2}" = Catalyst Control Center Core Implementation
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
"{34C0D982-39B7-3C1D-BA3C-CA77BD029D53}" = Microsoft .NET Framework 3.5 Language Pack - fin
"{350C940b-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3972209B-4946-9B49-1911-0AC122FB8073}" = CCC Help Russian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA798B8-97EE-39D2-A105-5800EF3351B7}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FIN
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43165058-0CD3-F336-0B4E-879A03DC8F50}" = Catalyst Control Center Graphics Full Existing
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{43F18082-D8A1-5A37-829D-CF1C4ED9ED2A}" = CCC Help Portuguese
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4905D4CA-7295-F988-AE8A-B04675295133}" = CCC Help Thai
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{55A83F62-4CC7-8A5F-0FB0-FE55B53B3ED1}" = CCC Help Finnish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B31B7DD-ED2E-F515-C900-B2E91138A34F}" = ccc-core-preinstall
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5F032DC8-A020-D42E-F2E6-41C748A92A06}" = Catalyst Control Center Graphics Full New
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618A812B-3099-8DB2-C8E4-95D15A7B7CD5}" = Catalyst Control Center HydraVision Full
"{6350DFD0-01B0-11DE-87AF-0800200C9A66}" = Livestation
"{6707309D-7FBC-43C9-926F-A66C69054768}" = OpenOffice.org 3.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A7E75AF-C2C7-4B1E-FE46-E0979833D6D5}" = CCC Help Spanish
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71AFFCBF-0864-C19D-0C07-5DF67BA0382D}" = CCC Help Turkish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7876AE8D-08D8-3A1C-A1F4-E7F255DDBBEA}" = ccc-utility
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8425081E-FEFF-6E4B-408E-53345859896C}" = CCC Help English
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E8B88CB-2B90-455F-85F4-5CDFDA08E168}" = T6poker
"{90FE2C60-A4C3-D61D-790A-9493EE405AEA}" = CCC Help Swedish
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}" = Microsoft Pro Photo Tools
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1D39316-5F04-44B2-B90B-7834A794D285}" = Windows Liven kirjautumisavustaja
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8BBAA6B-71BE-4AA2-A9DE-76BF38473E5F}" = ATI AVIVO Codecs
"{AC76BA86-7AD7-1035-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Suomi
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{ADAA5D11-5D8F-31EC-1992-693239110308}" = CCC Help French
"{B21C00B6-2B53-BB00-B4FE-27316019A9C5}" = CCC Help Chinese Traditional
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B435AE22-F62A-4402-A4E5-E612631B92C9}" = OnlineLive
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.0
"{BD7CDF5A-315E-A085-CF42-921B37D7A507}" = CCC Help Hungarian
"{BE9269F2-562B-7BC7-9BE9-16EF8B52B403}" = Catalyst Control Center Localization All
"{BF243C52-D0D2-A777-D388-DFCCF00FFC23}" = CCC Help Dutch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7370250-3AA3-23F8-DE52-21701C911BBD}" = CCC Help Korean
"{C7DA1638-A3B9-0AF6-B1B3-5ACBC08E7204}" = CCC Help Polish
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D472CC91-8FFC-B07C-F755-363498CF7724}" = CCC Help Danish
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D68E33C8-F508-F069-FF15-59B2BF50B0D3}" = CCC Help Japanese
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{E236A12C-FE29-49C4-C10C-F9AFF2EE8D39}" = CCC Help Chinese Standard
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFA83B92-06EA-D90D-1342-A7872D97B89F}" = CCC Help Italian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F344E188-969B-44D8-9320-518DC25E6926}" = TopSpin Demo
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{FAFD1909-311F-2035-6C97-7151A3B485C5}" = CCC Help Greek
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD433CFA-5819-54FC-005C-140926CDBB6F}" = CCC Help Czech
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF97034A-E1FE-CC80-E5D4-549796B72E36}" = CCC Help Norwegian
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windowsin ohjainpaketti - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windowsin ohjainpaketti - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Acoustica Beatcraft" = Acoustica Beatcraft
"Ajokorttikoulu" = Ajokorttikoulu
"All ATI Software" = ATI-ohjelmiston poisto-ohjelma
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"BootSkin" = BootSkin
"Bridge Builder" = Bridge Builder
"Capitalism 2_is1" = Capitalism 2
"CCleaner" = CCleaner (remove only)
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.3 Shizuku Edition
"Deus Ex - Game of the Year Edition_is1" = Deus Ex - Game of the Year Edition
"DFOTray" = DFOTray
"DreamWorks Interactive: Neverhood" = The Neverhood
"Fallout2" = Fallout2
"FFdshow_is1" = FFdshow [2006-08-21 | rev 2546]
"Finale Reader" = Finale Reader 2010
"FLVPlayer" = FLV Player 1.3.3
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Freez Screen Video Capture v1.2_is1" = Freez Screen Video Capture v1.2
"Gangsters" = Gangsters
"GIF Animator" = Microsoft GIF Animator
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (vain poisto)
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HitmanPro36" = HitmanPro 3.6
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{F344E188-969B-44D8-9320-518DC25E6926}" = TopSpin Demo
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LucasArts' Curse of Monkey Island" = LucasArts' Curse of Monkey Island
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versio 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack - fin" = Microsoft .NET Framework 3.5:n kielitukipaketti - FI
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 WAV Converter 3.98" = MP3 WAV Converter 3.98
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN openvpn-2.1_rc19-install
"PAFPoker" = PAF POKER (remove only)
"PeerGuardian_is1" = PeerGuardian 2.0
"PokerStars" = PokerStars
"Police Quest 1+2+3+4_is1" = Police Quest 1+2+3+4
"PPLive" = PPLive 1.9
"QQ¶·µØÖ÷½ÇÉ«°æ" = QQ¶·µØÖ÷½ÇÉ«°æ
"QQÓÎÏ·" = QQÓÎÏ·
"ReaJPEG Pro_is1" = ReaJPEG Pro 4.0
"RealPlayer 6.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.7e
"SitNGoWizard" = SitNGo Wizard
"SopCast" = SopCast 3.4.0
"SopCore" = SopCore 1.1.2
"SystemRequirementsLab" = System Requirements Lab
"Texas Calculatem_is1" = Texas Calculatem 4 with "AutoRead"
"The Guild Gold_is1" = The Guild Gold
"TrojanHunter_is1" = TrojanHunter 5.1
"UltimaOnline" = Ultima Online: Renaissance
"UOAssist" = UOAssist
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"VentriloMIX" = VentriloMIX
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2007
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WMFDist11" = Windows Media Format 11 runtime
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"x264 Revision 564 x264.nl" = x264 Revision 564 x264.nl (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 9.9.2012 23:30:16 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058

Error - 9.9.2012 23:35:32 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058

Error - 9.9.2012 23:40:48 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058

Error - 9.9.2012 23:46:06 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058

Error - 9.9.2012 23:51:24 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058

Error - 9.9.2012 23:58:41 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058

Error - 10.9.2012 0:05:24 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058

Error - 10.9.2012 0:11:47 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058

Error - 10.9.2012 0:18:33 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058

Error - 10.9.2012 0:19:43 | Computer Name = EMT-F8A04F66186 | Source = Service Control Manager | ID = 7001
Description = Palvelu Etäkäytön (RAS) yhteyksienhallinta on riippuvainen palvelusta
Puhelin, jonka käynnistyminen epäonnistui virheen vuoksi: %%1058


< End of report >

-----------------------------------------------------

edit: In your next reply, could you please explain what it means when the Extras log shows entries about FirewallEnabled value being 0 for DomainProfile, but 1 for StandardProfile? On my other computer (XP Pro, SP3), I can see that the values are reversed: there the value is 1 for DomainProfile but 0 for StandardProfile. In addition, the registry entry for the open ports looks a bit odd to me. Should I be concerned? I took a look and noticed that the PC that I'm having issues with still has Windows firewall enabled alongside Comodo's firewall. In the 'exceptions' tab the following two were checked: UPnP and Xp Net Diagnostic. UPnP accounts for two ports (1900 and 2869 if I recall); does XpNetDiagnostic account for all the rest?

Thank you very much for your time.

Edited by mcs123, 10 September 2012 - 12:57 AM.

  • 0
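The GloballyOpenPorts\List values in the Extras log above have the form port:protocol:scope:state:name. The following is an added example, not part of the original thread and not OTL's own code: it parses that firewall section and reports, per profile, whether the firewall is on and which exceptions are actually in effect. The function names are hypothetical, and the sample input is the firewall section copied from the log in this post.

```python
import re

# Firewall section copied from the Extras log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
# Matches ...\FirewallPolicy\<X>Profile plus an optional subkey path.
PROFILE_RE = re.compile(r'\\FirewallPolicy\\(\w+Profile)(\\.+)?$')


def parse_port_entry(data):
    """Split 'port:proto:scope:state:name'; return None if the shape is wrong."""
    parts = data.split(':', 4)
    if (len(parts) != 5 or not parts[0].isdigit()
            or parts[3] not in ('Enabled', 'Disabled')):
        return None
    port, proto, scope, state, name = parts
    return {'port': int(port), 'proto': proto, 'scope': scope,
            'enabled': state == 'Enabled', 'name': name}


def parse_firewall_policy(log_text):
    """Return {profile: {'firewall_on', 'no_exceptions', 'ports', 'malformed'}}."""
    profiles, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            hit = PROFILE_RE.search(key.group(1))
            current = (hit.group(1), hit.group(2) or '') if hit else None
            if hit:
                profiles.setdefault(hit.group(1), {
                    'firewall_on': None, 'no_exceptions': False,
                    'ports': [], 'malformed': []})
            continue
        value = VALUE_RE.match(line)
        if not value or current is None:
            continue
        (profile, subkey), (name, data) = current, value.groups()
        entry = profiles[profile]
        if subkey == '' and name == 'EnableFirewall':
            entry['firewall_on'] = data.strip() == '1'
        elif subkey == '' and name == 'DoNotAllowExceptions':
            entry['no_exceptions'] = data.strip() == '1'
        elif subkey == r'\GloballyOpenPorts\List':
            parsed = parse_port_entry(data)
            (entry['ports'] if parsed else entry['malformed']).append(parsed or data)
    return profiles


def effective_exceptions(profile):
    """Port exceptions that admit inbound traffic while this profile is active.

    Returns None when the firewall is off (or its state is unknown): nothing is
    filtered by Windows Firewall then, so the exception list is not applied.
    """
    if profile['firewall_on'] is not True:
        return None
    if profile['no_exceptions']:  # "Don't allow exceptions" overrides the list
        return []
    return [e for e in profile['ports'] if e['enabled']]


def any_source_entries(profile):
    """Enabled entries whose scope is '*', i.e. not limited to LocalSubNet."""
    return [e for e in profile['ports'] if e['enabled'] and e['scope'] == '*']


if __name__ == '__main__':
    for name, prof in parse_firewall_policy(SAMPLE_LOG).items():
        eff = effective_exceptions(prof)
        if eff is None:
            print(f'{name}: firewall off or unknown; exception list not applied')
        else:
            ports = ', '.join(f"{e['port']}/{e['proto']} from {e['scope']}" for e in eff)
            print(f'{name}: firewall on; admits {ports or "nothing"}')
        for e in any_source_entries(prof):
            print(f"  enabled for any source (*): {e['port']}/{e['proto']}")
```

On this log, StandardProfile (firewall on) admits only 1900/UDP and 2869/TCP from the local subnet, while the any-source entries for 137, 138, 139 and 445 sit under DomainProfile, where the firewall is off.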

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,904 posts
  • MVP
Start, Run, cmd, OK to bring up a Command Window. Type (with an Enter after each line):


netsh  int ip  reset \junk.txt


Reboot then go back into a command window and do:

ipconfig  /all  >>  \junk.txt

notepad  \junk.txt

Copy and paste the text from C:\junk.txt or if it's too big, attach it.
  • 0

#5
mcs123

mcs123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Let me know if you require a translation for the last lines.



-----------------------------------------------------------

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{1C2895FC-4D43-4910-BF63-AE3D720B8996}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{7BCE6AEA-1956-4DA7-B39F-E289AC3EFD53}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{7BCE6AEA-1956-4DA7-B39F-E289AC3EFD53}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{B5EF7062-B0DD-4458-97A6-C09FCE2C4B15}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{B5EF7062-B0DD-4458-97A6-C09FCE2C4B15}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{BEC09828-4A70-4372-8D79-7E1240972F1D}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0BAC457F-EEDB-4866-AA98-4E5D9B32D4BD}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0BAC457F-EEDB-4866-AA98-4E5D9B32D4BD}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0BAC457F-EEDB-4866-AA98-4E5D9B32D4BD}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0BAC457F-EEDB-4866-AA98-4E5D9B32D4BD}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0BAC457F-EEDB-4866-AA98-4E5D9B32D4BD}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C59F6A0-4FC6-40ED-800A-2543D012F82B}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C59F6A0-4FC6-40ED-800A-2543D012F82B}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C59F6A0-4FC6-40ED-800A-2543D012F82B}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C59F6A0-4FC6-40ED-800A-2543D012F82B}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C59F6A0-4FC6-40ED-800A-2543D012F82B}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A59D8A8-8AE1-4F3A-A242-29E01A334456}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A59D8A8-8AE1-4F3A-A242-29E01A334456}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A59D8A8-8AE1-4F3A-A242-29E01A334456}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A59D8A8-8AE1-4F3A-A242-29E01A334456}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A59D8A8-8AE1-4F3A-A242-29E01A334456}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A59D8A8-8AE1-4F3A-A242-29E01A334456}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A59D8A8-8AE1-4F3A-A242-29E01A334456}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BCE6AEA-1956-4DA7-B39F-E289AC3EFD53}\NameServer
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C43AF0E-B2EC-4297-B656-6B4A34E76752}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C43AF0E-B2EC-4297-B656-6B4A34E76752}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C43AF0E-B2EC-4297-B656-6B4A34E76752}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C43AF0E-B2EC-4297-B656-6B4A34E76752}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C43AF0E-B2EC-4297-B656-6B4A34E76752}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91E88223-F92C-4344-853F-38FECFC31330}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91E88223-F92C-4344-853F-38FECFC31330}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91E88223-F92C-4344-853F-38FECFC31330}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91E88223-F92C-4344-853F-38FECFC31330}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91E88223-F92C-4344-853F-38FECFC31330}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E279963-137D-4385-B169-3F4AD06113D6}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E279963-137D-4385-B169-3F4AD06113D6}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E279963-137D-4385-B169-3F4AD06113D6}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E279963-137D-4385-B169-3F4AD06113D6}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E279963-137D-4385-B169-3F4AD06113D6}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E279963-137D-4385-B169-3F4AD06113D6}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9E279963-137D-4385-B169-3F4AD06113D6}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B5EF7062-B0DD-4458-97A6-C09FCE2C4B15}\NameServer
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB46C416-BFCE-4179-8E8D-50EDA0138526}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB46C416-BFCE-4179-8E8D-50EDA0138526}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB46C416-BFCE-4179-8E8D-50EDA0138526}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB46C416-BFCE-4179-8E8D-50EDA0138526}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB46C416-BFCE-4179-8E8D-50EDA0138526}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB46C416-BFCE-4179-8E8D-50EDA0138526}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB46C416-BFCE-4179-8E8D-50EDA0138526}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F37D4221-A4E5-49BE-880C-41BAD8CAA617}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F37D4221-A4E5-49BE-880C-41BAD8CAA617}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F37D4221-A4E5-49BE-880C-41BAD8CAA617}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F37D4221-A4E5-49BE-880C-41BAD8CAA617}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F37D4221-A4E5-49BE-880C-41BAD8CAA617}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F37D4221-A4E5-49BE-880C-41BAD8CAA617}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F37D4221-A4E5-49BE-880C-41BAD8CAA617}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset Linkage\UpperBind for USB\VID_12D1&PID_140C&MI_01\6&2D1F7E1&0&0001. bad value was:
REG_MULTI_SZ =
VPCNetS2

reset Linkage\UpperBind for USB\VID_12D1&PID_140C&MI_01\6&2DE7685E&0&0001. bad value was:
REG_MULTI_SZ =
VPCNetS2

reset Linkage\UpperBind for USB\VID_12D1&PID_140C&MI_01\6&24EA48C0&0&0001. bad value was:
REG_MULTI_SZ =
VPCNetS2

reset Linkage\UpperBind for ROOT\NET\0000. bad value was:
REG_MULTI_SZ =
VPCNetS2

reset Linkage\UpperBind for PCI\VEN_13F0&DEV_1023&SUBSYS_1416147B&REV_41\3&2411E6FE&0&70. bad value was:
REG_MULTI_SZ =
VPCNetS2

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

<completed>

Windows IP-määritykset
Isäntänimi . . . . . . . . . . . : emt-f8a04f66186
Ensisijainen DNS-liite . . . . . :
Solmutyyppi . . . . . . . . . . . : sekoitettu
IP-reititys käytössä . . . . . . : Ei
WINS-välityspalvelin käytössä . . : Ei

Ethernet-sovitin Lähiverkkoyhteys:
Laitteen tila . . . . . . . . . . : Ei kytketty
Kuvaus . . . . . . . . . . . . . : IC Plus IP1000 Family Gigabit Ethernet Adapter
Fyysinen osoite . . . . . . . . . : 00-50-8D-D7-C2-5C

Tunnelisovitin Teredo Tunneling Pseudo-Interface:
Yhteyskohtainen DNS-liite . . . . :
Kuvaus . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Fyysinen osoite . . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
DHCP käytössä . . . . . . . . . . : Ei
IP-osoite . . . . . . . . . . . . : fe80::5445:5245:444f%5
Oletusyhdyskäytävä. . . . . . . . :
NetBIOS TCP/IP:n päällä . . . . . : Ei käytössä

Edited by mcs123, 10 September 2012 - 12:37 PM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,904 posts
  • MVP
I don't see where ipconfig found a valid IP address. How do you connect to the internet?

Once you are connected,

Start, Run, cmd, OK then

ipconfig  /all  >  \junk.txt

notepad  \junk.txt

Copy and paste the text from notepad into a reply.
  • 0

#7
mcs123

mcs123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Oh, sorry. I've had it unplugged from the internet the whole time, since it has been reverted back to SP2 and sorely needs security updates etc. I'm posting from another computer.

Ok, I connected it and ran the ipconfig command. Here are the logs:

edit: provided translations in the parentheses.

------------------------------------------------------------

Windows IP-määritykset (Windows IP Configuration)

Isäntänimi . . . . . . . . . . . : emt-f8a04f66186 (hostname)
Ensisijainen DNS-liite . . . . . : (primary DNS suffix)
Solmutyyppi . . . . . . . . . . . : sekoitettu (node type: mixed)
IP-reititys käytössä . . . . . . : Ei (IP routing enabled: no)
WINS-välityspalvelin käytössä . . : Ei (WINS proxy enabled: no)
DNS-liitteiden etsintäluettelo . : Elisa (don't know how to translate this... DNS-attachment search catalog or something)

Ethernet-sovitin Lähiverkkoyhteys: (Ethernet-adapted Local Area connection)

Yhteyskohtainen DNS-liite . . . . : Elisa (Connection-specific DNS Suffix)
Kuvaus . . . . . . . . . . . . . : IC Plus IP1000 Family Gigabit Ethernet Adapter (description)
Fyysinen osoite . . . . . . . . . : 00-50-8D-D7-C2-5C (physical address)
DHCP käytössä . . . . . . . . . . : Kyllä (DHCP enabled: yes)
Automaattinen määritys käytössä . : Kyllä (autoconfiguration enabled: yes)
IP-osoite . . . . . . . . . . . . : 192.168.100.38 (IP address)
Aliverkon peite . . . . . . . . . : 255.255.255.0 (subnet mask)
IP-osoite . . . . . . . . . . . . : fe80::250:8dff:fed7:c25c%4 (IP address)
Oletusyhdyskäytävä. . . . . . . . : 192.168.100.1 (default gateway)
DHCP-palvelin . . . . . . . . . . : 192.168.100.1 (DHCP server)
DNS-palvelimet . . . . . . . . . : 192.168.100.1 (DNS servers)
                                    fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1
Käyttölupa myönnetty . . . . . . : 11. syyskuuta 2012 1:00:25 (Permission granted)
Käyttölupa vanhentuu . . . . . . : 12. syyskuuta 2012 1:00:25 (Permission expires)

Tunnelisovitin Teredo Tunneling Pseudo-Interface: (Tunnel adapter)

Yhteyskohtainen DNS-liite . . . . : (Connection-specific DNS Suffix)
Kuvaus . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface (Description)
Fyysinen osoite . . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF (Physical address)
DHCP käytössä . . . . . . . . . . : Ei (DHCP enabled: no)
IP-osoite . . . . . . . . . . . . : fe80::5445:5245:444f%5 (IP address)
Oletusyhdyskäytävä. . . . . . . . : (Default gateway)
NetBIOS TCP/IP:n päällä . . . . . : Ei käytössä (NetBIOS over TCP/IP enabled: no)

Tunnelisovitin Automatic Tunneling Pseudo-Interface: (Tunnel adapter)

Yhteyskohtainen DNS-liite . . . . : Elisa (Connection-specific DNS Suffix)
Kuvaus . . . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface (Description)
Fyysinen osoite . . . . . . . . . : C0-A8-64-26 (Physical address)
DHCP käytössä . . . . . . . . . . : Ei (DHCP enabled: no)
IP-osoite . . . . . . . . . . . . : fe80::5efe:192.168.100.38%2 (IP address)
Oletusyhdyskäytävä. . . . . . . . : (Default gateway)
DNS-palvelimet . . . . . . . . . : fec0:0:0:ffff::1%1 (DNS servers)
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1
NetBIOS TCP/IP:n päällä . . . . . : Ei käytössä (NetBIOS over TCP/IP enabled: no)

Edited by mcs123, 10 September 2012 - 06:00 PM.

#8
RKinner

You asked about your firewall settings:

The standard setup is how yours is. If you were part of a Domain the firewall would be Off; if you are not part of a Domain it should be On by default, but with Comodo you would want it off too. When you reverted back to SP2, Windows turned the firewall back on.

Go in to MSCONFIG and under Startup see if you can find this line and uncheck it.

[MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe


You have some odd registry items that I want to get rid of and also I assumed you would like the msconfig items in Bold removed so I'm going to let Combofix do that.
If you did not want them removed then remove the lines under File:: and Folder:: before you run the script.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\documents and settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys\Start GeekBuddy.lnk
C:\Documents and Settings\tilapainen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SurfBouncer OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
c:\windows\SET166.tmp
c:\windows\SET15A.tmp
c:\windows\SET157.tmp

Folder::
c:\program files\AntiLogger
C:\Program Files\D-Tools
C:\Program Files\Zemana AntiMalware

RegNull::
[HKEY_USERS\S-1-5-21-1659004503-854245398-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1112859E-B974-2507-3FC0-A99156EBA95C}*]

RegLock::
[HKEY_USERS\S-1-5-21-1659004503-854245398-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1112859E-B974-2507-3FC0-A99156EBA95C}*]
[HKEY_USERS\S-1-5-21-1659004503-854245398-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1112859E-B974-2507-3FC0-A99156EBA95C}]

Registry::
[-HKEY_USERS\S-1-5-21-1659004503-854245398-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1112859E-B974-2507-3FC0-A99156EBA95C}*]
[-HKEY_USERS\S-1-5-21-1659004503-854245398-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1112859E-B974-2507-3FC0-A99156EBA95C}]

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

I suspect this driver:

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [20.12.2011 18:12 68896]
might possibly be trying to phone home. It's Nalpeiron Licensing Service. A background service task which is an integral part of Nalpeiron's copy protection software.

I don't know what needs it so am reluctant to remove it but we can try to stop it from running:


Copy the next line:

sc config nlsX86cc start= disabled


Start, Run, cmd, OK to bring up a command window:
Now right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Reboot and see if it still tries to bring up RAS.

If something is still trying to bring up RAS then you can try msconfig:
Start, Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it still tries to bring up RAS then go back into msconfig and recheck the
things you turned off. If it stops it then go back and turn on a few items each
time until you find the culprit.

If all else fails download Process Monitor http://live.sysinter...com/Procmon.exe

Save it to your desktop and Run Process Monitor.

As soon as it tries to start RAS, File, then uncheck Capture Events. Once it stops, see if you can find a reference to RAS near the bottom of the events.


Now click at the top of the page and then go down to the bottom of the page, hold down the shift key and click on the last line. That should highlight a full page of events.

File, Save, check Highlighted Events then OK. It should save the file to logfile.pml which should be on your desktop. Close Process Monitor. Zip up the logfile.pml and attach it to a Reply. (You can also rename it to logfile.txt and attach it)

Also let's get autoruns from
http://live.sysinter...om/autoruns.exe

Download, Save and Run the program. File, Save, to your desktop, autoruns.arn, OK

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.

#9
mcs123

Ok, ProcMon logs are attached. It won't let me attach the autoruns log. Says "Error: No file was selected for upload." Could this be because it's 5 mbs large?

Note: My PC seems to boot up normally now, but I noticed it crashes if I try to run certain applications while certain other applications are already running. For example, if ProcMon is running and I try to run Autoruns, it crashes and reboots immediately. Same happened when I had Autoruns open and I tried to run a CD burning software.



ComboFix log:

-------------------------

ComboFix 12-09-09.02 - tilapainen 11.09.2012 3:57.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.358.1035.18.1022.402 [GMT 3:00]
Sijainti: c:\documents and settings\tilapainen\Työpöytä\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\tilapainen\Työpöytä\Cfscript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-08-11 to 2012-09-11 )))))))))))))))))
.
.
2012-09-09 18:05 . 2012-09-09 18:05 -------- d-----w- C:\_OTL
2012-09-07 04:19 . 2005-01-11 17:17 2306304 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2012-09-06 21:25 . 2012-09-06 21:25 -------- d-----w- C:\VritualRoot
2012-09-01 03:49 . 2004-09-15 12:00 79872 -c--a-w- c:\windows\system32\dllcache\rwia001.dll
2012-09-01 03:48 . 2004-09-15 12:00 6144 -c--a-w- c:\windows\system32\dllcache\kbdinpun.dll
2012-09-01 03:47 . 2004-09-15 12:00 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe
2012-09-01 03:46 . 2004-09-15 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-09-01 03:44 . 2004-09-15 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-09-01 03:44 . 2004-09-15 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-09-01 03:25 . 2004-09-15 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-09-01 03:25 . 2004-09-15 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-09-01 03:25 . 2004-09-15 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-09-01 03:25 . 2004-09-15 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-09-01 03:25 . 2004-09-15 12:00 14043 ----a-r- c:\windows\SET166.tmp
2012-09-01 03:25 . 2004-09-15 12:00 1086058 ----a-r- c:\windows\SET15A.tmp
2012-09-01 03:25 . 2004-09-15 12:00 1014139 ----a-r- c:\windows\SET157.tmp
2012-09-01 01:23 . 2012-09-01 01:23 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja.EMT-F8A04F66186\Application Data\SUPERAntiSpyware.com
2012-08-31 23:23 . 2012-08-31 23:23 -------- d-----w- c:\documents and settings\TT\Tracing
2012-08-31 21:58 . 2012-08-31 21:59 -------- d-----w- c:\program files\HitmanPro
2012-08-31 21:57 . 2012-08-31 21:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-08-31 19:40 . 2012-08-31 19:40 -------- d-----w- c:\documents and settings\tilapainen\Application Data\SUPERAntiSpyware.com
2012-08-31 19:38 . 2012-08-31 19:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-31 19:38 . 2012-08-31 19:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2012-08-31 19:23 . 2012-08-31 19:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-31 18:50 . 2012-08-31 18:50 -------- d-----w- c:\program files\NirSoft
2012-08-31 18:35 . 2012-08-31 18:35 -------- d-----w- c:\program files\Seagate
2012-08-31 18:02 . 2012-08-31 18:02 -------- d-----w- c:\program files\Microsoft.NET
2012-08-31 12:18 . 2012-08-31 12:19 -------- d-----w- c:\program files\CrystalDiskInfo
2012-08-31 12:14 . 2012-08-31 12:14 -------- d-----w- C:\Downloads
2012-08-30 18:29 . 2012-08-30 18:29 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja.EMT-F8A04F66186\Application Data\vlc
2012-08-30 17:39 . 2012-08-30 17:39 -------- d-----w- c:\documents and settings\tilapainen\Application Data\Malwarebytes
2012-08-30 17:38 . 2012-08-30 17:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-08-30 17:38 . 2012-08-30 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-30 17:38 . 2012-07-03 10:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 17:24 . 2012-08-25 02:00 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-30 16:54 . 2012-08-30 16:54 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-08-30 16:54 . 2012-08-30 16:54 -------- d-----w- c:\documents and settings\TT\Local Settings\Application Data\COMODO
2012-08-30 16:54 . 2012-08-30 16:54 -------- d-----w- c:\documents and settings\LocalService.NT-HALLINTA.000\Application Data\TightVNC
2012-08-30 15:46 . 2012-08-30 15:46 -------- d-----w- c:\documents and settings\Järjestelmänvalvoja.EMT-F8A04F66186\Application Data\Malwarebytes
2012-08-30 04:34 . 2012-08-30 04:38 -------- d-----w- c:\windows\system32\NtmsData
2012-08-30 00:55 . 2012-08-30 00:55 -------- d-sh--w- c:\documents and settings\TT\IETldCache
2012-08-29 20:33 . 2012-08-29 20:33 -------- d-----w- c:\documents and settings\tilapainen\Omat tiedostot
2012-08-14 21:31 . 2012-08-14 21:32 -------- d-----w- c:\documents and settings\tilapainen\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 17:24 . 2012-07-08 17:24 2 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2005-03-31 19:17 . 2006-04-03 13:50 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-08-25 02:01 . 2011-11-11 08:58 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-29 1432064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 271936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-15 110592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-15 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-09-15 44032]
"SoundMan"="SOUNDMAN.EXE" [2005-01-10 77824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-15 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Käynnistä-valikko^Ohjelmat^Käynnistys^Start GeekBuddy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Käynnistä-valikko\Ohjelmat\Käynnistys\Start GeekBuddy.lnk
backup=c:\windows\pss\Start GeekBuddy.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^tilapainen^Käynnistä-valikko^Ohjelmat^Käynnistys^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\tilapainen\Käynnistä-valikko\Ohjelmat\Käynnistys\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiLogger]
2011-11-28 15:58 2976200 ----a-w- c:\program files\AntiLogger\AntiLogger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 14:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-14 21:31 116648 ----atw- c:\documents and settings\tilapainen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
2004-09-15 12:00 208896 ----a-w- c:\windows\inf\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
2005-08-18 19:55 99328 ----a-w- c:\program files\SurfBouncer OpenVPN\bin\openvpn-gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-02 10:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZemanaAntiMalware]
2011-09-22 15:16 6430528 ----a-w- c:\program files\Zemana AntiMalware\ZemanaAntiMalware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Pelit\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\tilapainen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [17.7.2007 23:40 7680]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [7.10.2011 18:48 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [7.10.2011 18:48 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7.10.2011 18:48 31704]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 19:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13.7.2011 0:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.8.2011 2:38 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30.8.2012 20:38 655944]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [20.12.2011 18:12 68896]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [13.12.2010 18:22 63616]
R3 ipgd;IC Plus IP1000 Family Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [17.7.2007 23:45 33408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30.8.2012 20:38 22344]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [13.12.2010 18:22 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [13.12.2010 18:22 117504]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [12.5.2012 22:55 114144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [15.9.2004 15:00 14336]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [18.7.2007 11:59 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
eapsvcs REG_MULTI_SZ
dot3svc REG_MULTI_SZ
.
'Ajoitetut tehtävät'-kansion sisältö
.
2012-09-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 86a31f33-2771-40e0-bf19-220dfd227e8c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Täydentävä tarkistus -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
DPF: {59DBDDA6-9A80-42A4-B824-9BC50CC172F5} - hxxp://www.programchecker.com/dll/nixon.cab
DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} - hxxp://playple.com/viewer/cab/SLViewer.cab
FF - ProfilePath - c:\documents and settings\tilapainen\Application Data\Mozilla\Firefox\Profiles\22u9jtko.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-11 04:09
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
tarkistaa piilotettuja prosesseja ...
.
tarkistaa piilotettuja käynnistysarvoja ...
.
tarkistaa piilotettuja tiedostoja ...
.
tarkistus on valmis
piilotetut tiedostot: 0
.
**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-854245398-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1112859E-B974-2507-3FC0-A99156EBA95C}*]
"iaanhmkdbbcnlaggjf"=hex:69,61,67,65,61,6d,62,63,69,6d,69,61,66,6b,62,68,6e,70,
00,00
"haknceaebpojcipg"=hex:69,61,67,65,61,6d,62,63,69,6d,69,61,66,6b,62,68,6e,70,
00,00
.
--------------------- Prosesseihin ladatut DLLt ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\guard32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(604)
c:\windows\system32\cmdcsr.dll
.
Valmistumisajankohta: 2012-09-11 04:13:01
ComboFix-quarantined-files.txt 2012-09-11 01:12
ComboFix2.txt 2012-09-10 00:55
.
Ennen ajoa: 123 773 702 144 tavua vapaana
Ajon jälkeen: 123 742 470 144 tavua vapaana
.
- - End Of File - - 17BCB547B6A31CC399A28A68E25F288D

Edited by mcs123, 10 September 2012 - 08:49 PM.
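
How the driver/service lines of the ComboFix listing above can be read mechanically, as an added example that is not part of the original posts or of ComboFix: the first letter is the state (R running, S stopped) and the digit is the service start type. The function names and the three triage rules are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Lines copied from the driver/service listing of the ComboFix log above.
SAMPLE = r"""
R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [17.7.2007 23:40 7680]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30.8.2012 20:38 655944]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [20.12.2011 18:12 68896]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [15.9.2004 15:00 14336]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [18.7.2007 11:59 0]
"""

# Start values as stored in the service's registry key.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# <state><start> <name>;<display name>;<image path and arguments> [<date> <time> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+) \[(?P<date>\d{1,2}\.\d{1,2}\.\d{4}) "
    r"(?P<time>\d{1,2}:\d{2}) (?P<size>\d+)\]$"
)
# Separates the binary from arguments such as "-k nosGetPlusHelper".
IMAGE_RE = re.compile(r"^(?P<path>.*?\.(?:exe|sys|dll))(?:\s+(?P<args>.*))?$",
                      re.IGNORECASE)


@dataclass
class Entry:
    running: bool
    start: str
    name: str
    display: str
    path: str
    args: str
    modified: datetime
    size: int


def parse_line(line):
    """Return an Entry for one listing line, or None if the line has another shape."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    img = IMAGE_RE.match(m["image"])
    path = img["path"] if img else m["image"]
    args = (img["args"] or "") if img else ""
    stamp = datetime.strptime(m["date"] + " " + m["time"], "%d.%m.%Y %H:%M")
    return Entry(m["state"] == "R", START_TYPES[int(m["start"])], m["name"],
                 m["display"], path, args, stamp, int(m["size"]))


def parse_listing(text):
    """Parse every recognisable line of a pasted listing, skipping the rest."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries):
    """Group service names by three heuristics (assumptions of this example)."""
    return {
        # Starts at every boot without user action and runs as a user-mode program.
        "running_auto_exe": [e.name for e in entries
                             if e.running and e.start == "auto"
                             and e.path.lower().endswith(".exe")],
        # Configured to start automatically but not running when the log was taken.
        "auto_not_running": [e.name for e in entries
                             if not e.running and e.start == "auto"],
        # Registered image that has no content on disk.
        "zero_byte_image": [e.name for e in entries if e.size == 0],
    }


if __name__ == "__main__":
    for rule, names in triage(parse_listing(SAMPLE)).items():
        print(rule, names)
```

The groups are a reading aid for deciding which entries to look up, not a verdict: MBAMService lands in the same group as nlsX86cc simply because both are running auto-start programs.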

#10
RKinner

Process Monitor stores its files in RAM by default so uses up most of the RAM and doesn't leave much room for other things to run.

Can you look in C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk
and tell me what files are there?

I really need the events just before ras tries to run so scroll it so the first ras entry is at the bottom and then capture the page.


Autorun should not be 5 Meg. Once zipped up it should only be about 50 KB and unzipped about 900 KB.

#11
mcs123

The files in the Pbk folder were: rasphone.pbk and sharedaccess.ini

I'm not sure if I managed to capture the logs the way you wanted, as there were entries of RasMan at several points, but they seemed to be unrelated to the precise moment when Rasman ran (i.e. there were entries where mmc.exe would go through just about every file, with Rasman being one of them). The 1st (of the 3) logs should be closest to the time that Rasman appeared in the event viewer, so maybe it's what you're looking for.

Edit: I couldn't open rasphone.pbk. It gave me an error code regarding remote access connection. I have sometimes used a Huawei Mobile USB modem to connect to the internet. Using the modem always leaves behind a logfile, and I could see that the last time I used the modem had the same time stamp as the last time rasphone.pbk had been modified, so it seems to be related. Though I don't understand why a USB modem would require use of remote access connections.

Edited by mcs123, 10 September 2012 - 10:54 PM.

#12
RKinner

Sorry I did not get back to you yesterday. Was working with another guy on an infected server and finally located the infected file and removed it but lost most of the services when we did. Turned out it had done something to the permissions to some of the files that rpc works with so rpc couldn't start. It seems most services depend on rpc. Anyway it took us until 1:30 in the morning before we got it back to working.

Looking at your case. I would move the files in the pbk folder to another folder. Turns out the pbk folder is supposed to hold RAS's Phone BooK hence the name pbk. I'm hoping that the presence of the phone book is what triggers the attempt to use it. I see it looking there. Just in case that's not it I want to see a dump of the tcpip service:

Copy the next line.

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip > \junk.txt

Start, Run, cmd, ok to bring up a command window. Right click and Paste or Edit then Paste and the copied line will appear. Hit Enter.

Attach the file c:\junk.txt
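
A read-only way to see which connections a phone book defines before moving it out of the Pbk folder, added here as an example that is not part of the thread. The sample file is constructed (entry names, port and numbers are made up), and the key names and Type values are assumed to follow the usual INI-style rasphone.pbk layout and the RASET_* constants from ras.h.

```python
import sys

# Constructed sample in the INI-style layout of rasphone.pbk (not the user's file).
SAMPLE_PBK = """\
[Mobile Broadband]
Encoding=1
Type=1
RedialAttempts=3

MEDIA=serial
Port=COM5
Device=Example USB 3G Modem

DEVICE=modem
PhoneNumber=*99#
AreaCode=

[Office VPN]
Encoding=1
Type=2

MEDIA=rastapi
Port=VPN2-0
Device=WAN Miniport (PPTP)

DEVICE=vpn
PhoneNumber=vpn.example.invalid
"""

# Assumption: the Type key uses the RASET_* entry-type values.
TYPE_LABELS = {"1": "dial-up", "2": "VPN", "3": "direct cable",
               "4": "Internet", "5": "broadband (PPPoE)"}


def parse_pbk(text):
    """Map entry name -> {key: [values]}.

    Keys stay case-sensitive and repeated keys are kept, because a phone book
    entry carries both 'Device=' (hardware name) and 'DEVICE=' (device class).
    configparser lower-cases keys and rejects repeats, so it is not used here.
    """
    entries = {}
    current = None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
            continue
        if current is None or "=" not in line:
            continue  # stray text before the first entry, or a malformed line
        key, value = line.split("=", 1)
        current.setdefault(key.strip(), []).append(value.strip())
    return entries


def summarize(entries):
    """One row per entry with the fields that say what RasMan would dial and how."""
    rows = []
    for name, keys in entries.items():
        type_code = (keys.get("Type") or ["?"])[0]
        rows.append({
            "entry": name,
            "type": TYPE_LABELS.get(type_code, "unknown (%s)" % type_code),
            "media": keys.get("MEDIA", []),
            "ports": keys.get("Port", []),
            "hardware": keys.get("Device", []),
            "device_class": keys.get("DEVICE", []),
            "targets": [v for v in keys.get("PhoneNumber", []) if v],
        })
    return rows


def modem_entries(entries):
    """Names of entries that dial through a modem-class device."""
    return [r["entry"] for r in summarize(entries) if "modem" in r["device_class"]]


if __name__ == "__main__":
    # Pass the path of a copied rasphone.pbk, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PBK
    for row in summarize(parse_pbk(text)):
        print(row)
```

Run it against a copy of the file, so the original keeps its modification time for comparison with the modem's own log.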

#13
mcs123

> Sorry I did not get back to you yesterday. Was working with another guy on an infected server and finally located the infected file and removed it but lost most of the services when we did. Turned out it had done something to the permissions to some of the files that rpc works with so rpc couldn't start. It seems most services depend on rpc. Anyway it took us until 1:30 in the morning before we got it back to working.


That's alright! Sounds like you had a lot on your hands.

> I would move the files in the pbk folder to another folder. Turns out the pbk folder is supposed to hold RAS's Phone BooK hence the name pbk. I'm hoping that the presence of the phone book is what triggers the attempt to use it.


That indeed seemed to do the trick! RasMan no longer appears on the system events viewer. Thank you.

I have attached the logs anyway, just in case.

Did you see any signs of remote access/backdoor behavior on my system?

Attached Files

  • Attached File  junk.txt   881bytes   22 downloads

#14
RKinner

That's good news.

I left off a /s on the reg command. Can you run it again?

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip /s > \junk.txt

I don't see any sign of malware. I expect you have a program that wants to check for updates or to make sure a license is valid and it was getting confused.

#15
mcs123

> I don't see any sign of malware.


That's a relief. I wonder why Telephony and Rasman started running suddenly after the first crash, though. I was certain some kind of virus/remote access had triggered them. Initially, I suspected that the recent Java exploit might have been behind it, as I noticed Telephony & Rasman were also suddenly running on my other computer (maybe I should include an OTL log from that computer after we've sorted this one out). But if the Java vulnerability had been exploited, it would leave behind some kind of tracks, correct?

And the registry entries regarding the globally open ports are nothing to worry about?

I re-did the command line with /s this time.

Attached Files

  • Attached File  junk.txt   16.28KB   104 downloads

Edited by mcs123, 11 September 2012 - 10:23 AM.
