View Full Version : Infected (sirefef.ch and mby not only that)
marko1234
2012-01-17, 12:21
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Run by Tea at 11:51:47 on 2012-01-17
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.895.450 [GMT 1:00]
.
AV: ESET Smart Security 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=c:\documents and settings\tea\local settings\application data\f1d3e147\X
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\documents and settings\tea\desktop\utorrent.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7DA07B17-F732-47DB-974F-215CA39D72AB} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tea\application data\mozilla\firefox\profiles\zl22bngb.default\
FF - plugin: c:\documents and settings\tea\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-2-22 114984]
R1 zyrljehhlem9;zyrljehhlem9.sys;c:\windows\system32\drivers\zyrljehhlem9.sys [2012-1-11 72704]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-2-22 810120]
R2 SWIHPWMI;SWIHPWMI;c:\program files\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2011-9-22 20480]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 135664]
S2 srenum;srenum;c:\windows\system32\drivers\srenum.sys --> c:\windows\system32\drivers\srenum.sys [?]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 135664]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2007-7-17 35072]
.
=============== Created Last 30 ================
.
2012-01-16 09:38:09 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-11 22:56:20 -------- d-sh--w- c:\documents and settings\tea\local settings\application data\f1d3e147
.
==================== Find3M ====================
.
2012-01-17 01:56:42 90112 ----a-w- c:\windows\DUMP7772.tmp
.
============= FINISH: 11:53:25,01 ===============
p.s. I'm not posting from my infected laptop since I can't open mozzila (or it opens very slowly and when it opens i cant google or anything, infact i cant even get to google (redirects)). I've burnt dds and erunt to CD-ROM, ran it on laptop and burnt back the results... in case its relevant.
oldman960
2012-01-22, 20:16
Hi marko1234, welcome to the forum.
To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.
Let's see if we can slow this down enough so you can use the laptop. It will be easier that way. First I'll need the logs from this tool.
On your working computer:
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop and burn it a CD.
On the sick computer:
Transfer OTL to the desktop.
Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Transfer both files to your working computer and post them.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Note: in the event OTL will not run, delete the copy you have from the laptop's desktop and copy a new one from the CD renaming it iexplore.exe
marko1234
2012-01-23, 01:50
Hi, and thanks for replying... here r the logs u requested.
OTL logfile created on: 23.1.2012 1:08:48 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
895,23 Mb Total Physical Memory | 323,40 Mb Available Physical Memory | 36,12% Memory free
2,12 Gb Paging File | 1,59 Gb Available in Paging File | 75,21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 30,56 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,64 Gb Free Space | 7,32% Space Free | Partition Type: NTFS
Drive F: | 1,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Tea\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2908.16950__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2908.16911__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2908.16962__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2908.16942__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2908.16929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2908.17117__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2908.17139__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2908.17131__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2908.17098__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2908.17160__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2908.17167__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2908.16956__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2908.16923__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2908.16955__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2908.17105__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2908.17111__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2908.17104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2908.17124__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2908.16976__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2908.16930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2908.16969__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2908.17132__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2908.17099__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2908.17059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2908.17092__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2908.17063__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2908.17091__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2908.17177__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2908.16901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2908.16937__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2908.17152__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2908.17150__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2908.16903__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2908.16918__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2908.16903__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2908.16902__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2908.16901__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2908.17151__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
========== Win32 Services (SafeList) ==========
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (qbposdbservices) -- C:\WINDOWS\system32\isdrv120.dll (Iomega)
SRV - (SWIHPWMI) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
========== Driver Services (SafeList) ==========
DRV - (zyrljehhlem9) -- C:\WINDOWS\System32\drivers\zyrljehhlem9.sys ()
DRV - (ndisrd) -- C:\WINDOWS\system32\drivers\ndisrd.sys (NT Kernel Resources)
DRV - (MRxSmb) -- C:\WINDOWS\system32\drivers\mrxsmb.sys ()
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HP24X) -- C:\WINDOWS\system32\drivers\HP24X.sys (Hewlett Packard)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.03 09:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.22 09:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.11 16:11:46 | 000,000,000 | ---D | M]
[2010.04.11 16:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Extensions
[2012.01.18 12:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions
[2011.04.05 22:05:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.19 18:22:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.05 22:05:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.01.17 12:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.09 15:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.04.11 22:34:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.13 10:45:24 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010.10.13 10:45:24 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010.10.13 10:45:24 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2010.10.13 10:45:25 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_JamesWhite = C:\Documents and Settings\Tea\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
O1 HOSTS File: ([2012.01.15 17:09:55 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] "C:\Documents and Settings\Tea\Desktop\utorrent.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DA07B17-F732-47DB-974F-215CA39D72AB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\X) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.11 13:26:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2011.10.25 07:09:02 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{31dcc708-e5ab-11df-831c-001a73788250}\Shell\AutoRun\command - "" = E:\urDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.01.23 01:07:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012.01.17 11:51:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\Administrative Tools
[2012.01.17 11:51:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 11:51:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.17 02:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.01.16 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012.01.14 10:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Riki 2-7mj
[2012.01.12 09:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012.01.11 23:56:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.01.23 01:08:58 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.23 01:08:58 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.23 01:05:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.23 01:04:40 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.23 01:04:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 12:21:18 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.17 11:57:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.17 11:50:07 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012.01.17 02:58:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 02:57:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.15 17:09:55 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.01.14 10:22:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.11 12:14:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.01.08 21:36:18 | 000,123,392 | ---- | M] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.01.17 11:57:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.16 10:38:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2011.09.27 16:42:36 | 000,044,832 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
[2011.05.30 05:55:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\{ACBFB8EE-A683-43AD-AC5B-B379A4A85257}
[2011.03.28 20:54:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.12.08 14:18:00 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\winscp.rnd
[2010.04.14 09:13:33 | 000,123,392 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 21:16:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.04.11 17:23:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.11 16:00:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.11 15:12:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.11 15:10:52 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.11 13:29:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.04.11 13:23:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,455,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008.04.14 13:00:00 | 000,435,594 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,068,490 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.12.18 09:25:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.11.27 14:34:14 | 000,160,289 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007.02.06 14:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.06 13:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010.07.02 12:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
[2010.04.11 16:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.04.11 13:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010.04.12 13:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010.07.22 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.14 15:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\BSplayer PRO
[2010.04.14 10:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.04.11 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\ESET
[2010.04.25 22:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\Facebook
[2011.03.07 21:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\uTorrent
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 23.1.2012 1:08:48 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
895,23 Mb Total Physical Memory | 323,40 Mb Available Physical Memory | 36,12% Memory free
2,12 Gb Paging File | 1,59 Gb Available in Paging File | 75,21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 30,56 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,64 Gb Free Space | 7,32% Space Free | Partition Type: NTFS
Drive F: | 1,17 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"25489:TCP" = 25489:TCP:*:Enabled:System38
"18292:TCP" = 18292:TCP:*:Enabled:System38
"23295:TCP" = 23295:TCP:*:Enabled:System38
"34138:TCP" = 34138:TCP:*:Enabled:System38
"23917:TCP" = 23917:TCP:*:Enabled:System38
"19815:TCP" = 19815:TCP:*:Enabled:System38
"36209:TCP" = 36209:TCP:*:Enabled:System38
"35433:TCP" = 35433:TCP:*:Enabled:System38
"9536:TCP" = 9536:TCP:*:Enabled:System38
"18224:TCP" = 18224:TCP:*:Enabled:System38
"30578:TCP" = 30578:TCP:*:Enabled:System38
"10826:TCP" = 10826:TCP:*:Enabled:System38
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Tea\Desktop\utorrent.exe" = C:\Documents and Settings\Tea\Desktop\utorrent.exe:*:Enabled:µTorrent
"C:\Documents and Settings\Tea\Desktop\COD\Call of Duty 1.5 + United Offensive\Call of Duty\CoDUOMP.exe" = C:\Documents and Settings\Tea\Desktop\COD\Call of Duty 1.5 + United Offensive\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{11A7769F-6706-3191-9A9A-6B4AB0F56419}" = Catalyst Control Center Localization Norwegian
"{169F0A86-B4E2-E0D0-9623-4982A9C48C93}" = CCC Help Chinese Traditional
"{177775EF-DF8B-D947-0B51-D14ED1F836C5}" = Catalyst Control Center Localization Czech
"{183C2621-49ED-C3F3-6FFF-4807079E1AC0}" = CCC Help Thai
"{189DC77B-7B5B-0547-276B-C026EF0C757C}" = ccc-core-preinstall
"{1D8135C3-46FA-77E4-E645-405BD62DDAB9}" = Catalyst Control Center Localization Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209DC8F3-20D6-56D1-3EDA-04792A59589D}" = CCC Help Greek
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{2A0AF7BE-CB9C-D902-676E-B3DAEECB6B2D}" = Catalyst Control Center Localization Korean
"{2B9A8E7E-CDE6-D723-3521-B6D4784FFBEA}" = Catalyst Control Center Localization Japanese
"{2D0A84FC-2178-131A-7563-705200BDFF20}" = CCC Help Polish
"{2EE6086A-2926-66A7-2B60-42FB259D95B7}" = Catalyst Control Center Localization Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33B75044-54B4-5AB4-7A19-7B9D77BF2285}" = Catalyst Control Center Localization Greek
"{33E58EE4-0E59-0017-78D0-D56FD3594770}" = CCC Help Korean
"{342BE86B-31F5-6E7E-A1CB-87BA5272BC2C}" = Catalyst Control Center Localization Hungarian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{36807E1C-C7F5-CCF7-3617-F41837DECAF7}" = CCC Help Danish
"{3A8B8170-7321-E5FC-0047-74F9F5D21B25}" = Catalyst Control Center Localization Thai
"{3F93B2BA-18EC-462B-9ACD-396599353EE1}" = Catalyst Control Center - Branding
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D1E0AA2-3B34-6940-3663-0E255EFBBF63}" = CCC Help Portuguese
"{517459C1-A2C2-7641-AA71-4E7E98B5E8A9}" = CCC Help Spanish
"{53B35D1A-B93A-C389-409B-EEBC68D82861}" = Catalyst Control Center Core Implementation
"{540EA3CE-1229-5702-929D-A67E6331AC39}" = CCC Help Norwegian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A721E61-FBDE-9422-3C64-17D918C7196B}" = Catalyst Control Center Localization German
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F74F1E5-C4DF-7A18-3C11-A47382FFA660}" = CCC Help Swedish
"{611CB353-FEC0-1245-1859-B169344D1454}" = CCC Help Japanese
"{751CCF7A-CFF6-4A4B-9119-D4448D87B025}" = ESET Smart Security
"{77F38DEB-140F-0B24-52C4-6B385127CB1F}" = Catalyst Control Center Localization Finnish
"{79AAA8E0-B47C-EDAB-826E-C498AA4857CE}" = CCC Help Finnish
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89B65CDA-DC1B-C5B3-73DF-3CFF4A19A588}" = CCC Help German
"{8C74846F-56C1-7CA1-14BF-B7A87F7A0CA7}" = Catalyst Control Center Localization Dutch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907E8FCC-ACB6-8F7D-9930-8C95F1DC7D87}" = ccc-utility
"{90A2E630-72EA-3309-6B02-9307C795345C}" = CCC Help Russian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A00E6A54-A3B5-7FCD-5DBA-4BFAB5B2DBD7}" = Catalyst Control Center Localization Italian
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A21A1F07-8EE5-1DC3-74E5-73AF089B5722}" = Catalyst Control Center Localization Polish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A843E814-9178-6F3F-E821-9094D33128F5}" = Catalyst Control Center Graphics Full New
"{A893EF27-F743-D48F-3971-ABD33A2A0902}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0CBF76-BD8E-48C0-AE32-31684A629836}" = HP Broadband Wireless Modules
"{AA3D13A1-2373-6638-8398-FBDA07FAC464}" = CCC Help Turkish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF0EC284-33B6-9100-E851-B64FDC070429}" = Catalyst Control Center Localization French
"{B1463859-54D3-03C0-2D87-04D15A4B5D06}" = Catalyst Control Center Localization Chinese Traditional
"{B15AC518-1C5D-D41F-37CA-768851B11FAB}" = Catalyst Control Center Localization Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BC1584FD-B945-E401-7C34-929964DE9E24}" = CCC Help Chinese Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C443C2F5-CBEC-1299-3A60-6C3C9965EF5A}" = CCC Help Czech
"{C594294F-E38B-FB39-4C3B-E97EFCE3AC0D}" = Catalyst Control Center Localization Danish
"{C97636B2-42D2-C8C0-CDD8-4A323CF6BC5C}" = CCC Help Italian
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}" = HP PCMCIA Smart Card Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F7BFE-61D8-E7B8-6F99-F5E149B89051}" = Catalyst Control Center Localization Portuguese
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7BE4FF6-24E1-3E12-D6D0-C76F26F31327}" = Catalyst Control Center Graphics Light
"{DFDE44B2-4E88-9B2D-75B6-945635C665DF}" = Catalyst Control Center Localization Spanish
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E634B696-8333-8216-6415-86272864894F}" = ccc-core-static
"{E78A17B7-B3E7-045B-820D-5DCE2541DEBC}" = CCC Help English
"{E978DAC8-F978-B81D-0BA1-9A566A79A7A6}" = CCC Help Hungarian
"{E9A82610-AD0E-F189-1F41-95996BC15794}" = Catalyst Control Center Graphics Full Existing
"{EB36FA85-8004-D358-601C-542FE3A2A77C}" = CCC Help Dutch
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6F6B40D-6477-87E2-3899-AF53366D84D2}" = Catalyst Control Center Localization Chinese Standard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BSPlayerp" = BS.Player PRO
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PKR" = PKR
"Sweet Home 3D_is1" = Sweet Home 3D version 3.2
"Uninstall Tool_is1" = Uninstall Tool
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR arhiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.6.2011 19:41:06 | Computer Name = TEA-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application pokerapp.exe, version 1.0.0.1, faulting module
pokerapp.exe, version 1.0.0.1, fault address 0x007a423a.
[ System Events ]
Error - 18.1.2012 20:21:06 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 18.1.2012 20:21:06 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 22.1.2012 20:04:46 | Computer Name = TEA-LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'Desktop.ini' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.
Error - 22.1.2012 20:05:08 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The srenum service failed to start due to the following error: %%2
Error - 22.1.2012 20:05:17 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 22.1.2012 20:05:12 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 22.1.2012 20:05:12 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 22.1.2012 20:05:13 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 22.1.2012 20:05:13 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
Error - 22.1.2012 20:05:13 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127
< End of report >
oldman960
2012-01-23, 04:07
Hi marko1234,
We'll need a bigger club to clean this machine but let's see about getting online with it. After this fix see you can post the log using the sick computer.
On the working computer:
Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
:Reg
:PROCESSES
killallprocesses
:Services
zyrljehhlem9
:Files
C:\WINDOWS\System32\drivers\zyrljehhlem9.sys
dir /s "C:\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147" /c
ipconfig /flushdns /c
:OTL
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\X) - File not found
:Commands
[createrestorepoint]
in notepad go to FILE > SAVE AS and in the dropdown box, set the top box SAVE IN to desktop
in the FILE NAME box type (including the " " marks), "scan.txt"
Click save.
Burn the file to a CD.
transfer scan.txt to the infected computer's desktop
open OTL
double click in the white window at the bottom
a message will appear asking if you want to load a custom scan, click yes
navigate to where you saved the notepad scan.txt and click on it
click open
the text should appear in the window.
Click the Run Fix button
Please post the log produced.
marko1234
2012-01-23, 04:29
Im posting this from my working PC since things got a whole lot worse after that fix :/ i managed to open mozzila and google opened... searched safer networking and as soon as i clicked it... mozzilla crashed... Internet Security 2012 popped out... now i cant open anything (mozzila, chrome, ie), aslo I barely managed to copy paste the code since notepad was closing all the time... now i got bluescreen of death and comp restarted... here's the log
========== REGISTRY ==========
========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Error: Unable to stop service zyrljehhlem9!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zyrljehhlem9 deleted successfully.
========== FILES ==========
Item C:\WINDOWS\System32\drivers\ is whitelisted and cannot be moved.
< dir /s "C:\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147" /c >
Volume in drive C has no label.
Volume Serial Number is B08D-6DA9
Directory of C:\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\U
16.01.2012 10:37 3.072 000000c0.@
12.01.2012 08:47 3.072 000000cb.@
12.01.2012 08:52 1.536 000000cf.@
3 File(s) 7.680 bytes
Total Files Listed:
3 File(s) 7.680 bytes
0 Dir(s) 32.848.101.376 bytes free
C:\Documents and Settings\Tea\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tea\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Tea\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tea\Desktop\cmd.txt deleted successfully.
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\X deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.31.0 log created on 01232012_041546
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
marko1234
2012-01-23, 04:30
also as soon as i rebooted after running the fix my nod32 warned me about sirefef.ch again ... (needs to reboot to remove it... i reboot, same story)
marko1234
2012-01-23, 11:20
hm i started my laptop... and got "iesecurity.exe encountered a problem and needs to close..." you know that SEND, DONT SEND report window. that happens every time i start laptop from the fix. i can open mozzila, chrome but internet is soooooooooo slow.... its opening forums.spybot. info for 20 mins already... guess it will fail
oldman960
2012-01-23, 12:01
Hi marko1234,
You have multiple infections and seems like we may have annoyed one of them. Let's see how deep this goes.
We'll use a CD that we will make bootable. We also need a USB flashdrive that has some space on it. We will not be changing any of the data on the usb device just using it for a file.
You will also need to use FireFox to download a file as Internet Explorer seems to mangle the download.
If you have an problems with these steps please let me know. These may look complicated but it's fairly straight forward and for the most part automated.
On your working computer
Download GETxPUD.exe (http://noahdfear.net/downloads/GETxPUD.exe) to the desktop of your clean computer
Run GETxPUD.exe by double clicking it. (right click and run as adminstrator if you are using Vista or Win7)
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and when finished, it will open BurnCDCC which will be ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD
Using FireFox, please download and save dumpit (http://noahdfear.net/downloads/dumpit) to your usb device.
You may want to print out this part as you will not be able to view these instructions.
Attach the usb device to the sick computer
Boot the infected computer with the CD you just burned
with the CD in the computer, restart the computer
The computer must be set to boot from the CD,depending on your computer you can either do this by pressing F12 and selecting the CD as the first boot option or it can be set in the BIOS
Once you have the computer set to boot from the CD allow it to boot
A Welcome to xPUD screen will appear
Click on File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
(you will be able to tell if it the right one as the screen will populate with your files)
Locate the file you downloaded and saved earlier, dumpit
double click it to run it
a black window will open, follow the instructions to close the window when it's finished
a file called MBR.zip should now be placed in the right hand panel
Click the Home icon at top
Remove the CD and click Power off
You can either restar the computer or just shut it off.]
Transfer the usb device to your other computer and please attach the MBR.zip file to your next reply.
Thanks
marko1234
2012-01-23, 15:19
Done... first two times i tried i got to "A Welcome to xPUD screen will appear"
and got to choose language... i would chose english and the comp would crash... third time was the charm :)
oldman960
2012-01-23, 17:39
Hi marko1234,
Good job in getting xPUD to run. Everthing is ok in that area. Let's see if we can sneak up on this.
You can run this tool directly from your flashdrive or transfer it to the sick computer's desktop. The important thing is to rename it before you download it.
Please read through the instructions to familarize youself with what to expect when the tool runs.
It is vitally important that combofix is renamed before it is even started to download
Please download ComboFix from Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)or Link 2 (http://www.infospyware.net/antimalware/combofix/) to your flashdrive.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files".
During the download, before you save it to your desktop, rename Combofix to jgh.exe
It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Double click on ComboFix.exe (jgh.exe in your case) & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.[/b]
Please post back with
combofix log
How is the computer?
Thanks
marko1234
2012-01-23, 18:41
I'm posting this log from my "infected" laptop. quotation marks r because it all runs smoothly now... any more tests/scans you want me to do? :)
ComboFix 12-01-23.02 - Tea 23.01.2012 18:23:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.895.541 [GMT 1:00]
Running from: c:\documents and settings\Tea\Desktop\jgh.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\isecurity.exe
c:\documents and settings\Tea\Local Settings\Application Data\f1d3e147\U
c:\documents and settings\Tea\Local Settings\Application Data\f1d3e147\U\000000c0.@
c:\documents and settings\Tea\Local Settings\Application Data\f1d3e147\U\000000cb.@
c:\documents and settings\Tea\Local Settings\Application Data\f1d3e147\U\000000cf.@
c:\documents and settings\Tea\WINDOWS
c:\windows\$NtUninstallKB61291$
c:\windows\$NtUninstallKB61291$\1299035141
c:\windows\$NtUninstallKB61291$\4057194823\@
c:\windows\$NtUninstallKB61291$\4057194823\L\ouevqxqi
c:\windows\$NtUninstallKB61291$\4057194823\loader.tlb
c:\windows\$NtUninstallKB61291$\4057194823\U\@00000001
c:\windows\$NtUninstallKB61291$\4057194823\U\@000000c0
c:\windows\$NtUninstallKB61291$\4057194823\U\@000000cb
c:\windows\$NtUninstallKB61291$\4057194823\U\@000000cf
c:\windows\$NtUninstallKB61291$\4057194823\U\@80000000
c:\windows\$NtUninstallKB61291$\4057194823\U\@800000c0
c:\windows\$NtUninstallKB61291$\4057194823\U\@800000cb
c:\windows\$NtUninstallKB61291$\4057194823\U\@800000cf
c:\windows\system32\isdrv120.dll
c:\windows\XSxS
D:\Autorun.inf
.
c:\windows\system32\drivers\zyrljehhlem9.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_qbposdbservices
-------\Service_qbposdbservices
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 10:33 . 2012-01-23 10:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-23 03:15 . 2012-01-23 03:15 -------- d-----w- C:\_OTL
2012-01-17 10:57 . 2012-01-17 10:57 -------- d-----w- c:\program files\ERUNT
2012-01-17 01:49 . 2012-01-17 01:49 -------- d-----w- c:\documents and settings\Administrator
2012-01-16 09:38 . 2012-01-23 17:06 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-11 22:56 . 2012-01-23 17:29 -------- d-sh--w- c:\documents and settings\Tea\Local Settings\Application Data\f1d3e147
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 01:56 . 2010-04-11 14:02 90112 ----a-w- c:\windows\DUMP7772.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-22 2140880]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Tea\\Desktop\\COD\\Call of Duty 1.5 + United Offensive\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25489:TCP"= 25489:TCP:System38
"18292:TCP"= 18292:TCP:System38
"23295:TCP"= 23295:TCP:System38
"34138:TCP"= 34138:TCP:System38
"23917:TCP"= 23917:TCP:System38
"19815:TCP"= 19815:TCP:System38
"36209:TCP"= 36209:TCP:System38
"35433:TCP"= 35433:TCP:System38
"9536:TCP"= 9536:TCP:System38
"18224:TCP"= 18224:TCP:System38
"30578:TCP"= 30578:TCP:System38
"16368:TCP"= 16368:TCP:System38
"36491:TCP"= 36491:TCP:System38
"33902:TCP"= 33902:TCP:System38
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [22.2.2010 15:50 114984]
R1 zyrljehhlem9;zyrljehhlem9.sys;c:\windows\system32\drivers\zyrljehhlem9.sys [11.1.2012 23:56 72704]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.2.2010 15:50 810120]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4.12.2006 15:13 292384]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [22.9.2011 20:01 20480]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2010 17:31 135664]
S2 srenum;srenum;c:\windows\system32\DRIVERS\srenum.sys --> c:\windows\system32\DRIVERS\srenum.sys [?]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2010 17:31 135664]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [17.7.2007 0:24 35072]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qbposdbservices
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:31]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uTorrent - c:\documents and settings\Tea\Desktop\utorrent.exe
HKCU-Run-Internet Security 2012 - c:\documents and settings\All Users\Application Data\isecurity.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 18:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\drivers\zyrljehhlem9.sys 72704 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1772)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-01-23 18:38:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-23 17:38
.
Pre-Run: 36.107.243.520 bytes free
Post-Run: 36.053.757.952 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 25E227BD8B103551BE5C826505E99324
oldman960
2012-01-23, 23:41
Hi marko1234,
Good we can work directly on the computer now.
Your system has been infected by one or more Rootkits/Backdoor Trojans.
I strongly suggest you do the following immediately:
From a known clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
µTorrent
You have µTorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.
References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx (http://www.microsoft.com/windows/ie/community/columns/protection.mspx)
http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm (http://www.internetworldstats.com/articles/art053.htm)
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
I need some information on a unidentified file. We will use Virustotal Please submit these files for analysis
To submit a file to virustotal, please click on this link
VirusTotal (www.virustotal.com)
copy and paste the following into the upload a file box
C:\WINDOWS\System32\drivers\zyrljehhlem9.sys
scroll down a bit and click "send file", wait for the results and post them in your next reply.
Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete.
Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :
:Services
:Files
C:\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147
c:\windows\DUMP7772.tmp
:Commands
[purity]
[createrestorepoint]
Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
Next
Open OTL if it's not open. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zyrljehhlem9 /s
/md5start
zyrljehhlem9.*
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window. OTL.Txt no Extras.Txt this time.
Please post back with
VirusTotal results
OTL fix log
OTL.txt
Still running ok?
Thanks
marko1234
2012-01-23, 23:54
hmmmm... kinda ran into a problem... after that combofix everything was working smoothly, I shut the laptop down when i went out... i came back just now and turned it on... the problem is my WLAN is disabled... windows say "you can enable it in device manager"... i went to device manager and it seems driver for my WLAN was deleted (maybe by combofix?!)... im currently downloading driver and will try to install it on my laptop and do all these things u just said
marko1234
2012-01-23, 23:59
also my laptop now doesnt recognize my usb... i tried 2 different ports and nothing, then back to my working pc (recognizes it immediately). I also want to point out that i already used this usb with my laptop for xPUD... dont know if this all is relevant but i wanted to let you know :)
marko1234
2012-01-24, 00:10
ok the weirdest thing just happened... nothing worked... i couldnt even restart/shut down, then i held the turn off button for 5 sec and shut it down by force. turned it on and now everything is working fine so i guess u can disregard those 2 last posts of mine. I'll start doing these things u wrote.
marko1234
2012-01-24, 00:57
when i copy paste the C:\WINDOWS\System32\drivers\zyrljehhlem9.sys into that upload box it just gets to drivers... so i went on and checked manually... couldnt find zyrljehhlem9.sys even after i turned on See hidden files and folders option. so couldnt scan it with virustotal (mby combofix removed it?!)
-------OTL fix log-------
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147 folder moved successfully.
c:\windows\DUMP7772.tmp moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.31.0 log created on 01242012_002932
------OTL.txt-----
OTL logfile created on: 24.1.2012 0:47:34 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
895,23 Mb Total Physical Memory | 301,77 Mb Available Physical Memory | 33,71% Memory free
2,12 Gb Paging File | 1,60 Gb Available in Paging File | 75,49% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 32,84 Gb Free Space | 32,37% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,63 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Tea\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2908.16950__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2908.16911__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2908.16962__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2908.16942__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2908.16929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2908.17117__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2908.17139__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2908.17131__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2908.17098__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2908.17160__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2908.17167__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2908.16956__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2908.16923__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2908.16955__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2908.17105__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2908.17111__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2908.17104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2908.17124__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2908.16976__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2908.16930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2908.16969__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2908.17132__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2908.17099__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2908.17059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2908.17092__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2908.17063__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2908.17091__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2908.17177__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2908.16901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2908.16937__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2908.17152__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2908.17150__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2908.16903__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2908.16918__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2908.16903__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2908.16902__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2908.16901__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2908.17151__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
========== Win32 Services (SafeList) ==========
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (SWIHPWMI) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe (Sierra Wireless Inc.)
========== Driver Services (SafeList) ==========
DRV - (zyrljehhlem9) -- C:\WINDOWS\System32\drivers\zyrljehhlem9.sys ()
DRV - (ndisrd) -- C:\WINDOWS\system32\drivers\ndisrd.sys (NT Kernel Resources)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HP24X) -- C:\WINDOWS\system32\drivers\HP24X.sys (Hewlett Packard)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.11 16:11:46 | 000,000,000 | ---D | M]
[2010.04.11 16:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Extensions
[2012.01.24 00:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions
[2011.04.05 22:05:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.23 04:31:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.23 04:31:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.01.24 00:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.24 00:41:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.24 00:41:25 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.01.24 00:41:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.24 00:41:25 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.01.24 00:41:25 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2012.01.24 00:41:25 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_JamesWhite = C:\Documents and Settings\Tea\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
O1 HOSTS File: ([2012.01.23 18:32:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DA07B17-F732-47DB-974F-215CA39D72AB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.11 13:26:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.01.23 23:49:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.01.23 18:13:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.23 18:13:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.23 18:13:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.01.23 18:13:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.23 18:13:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.23 18:11:42 | 004,388,468 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 15:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\PVR
[2012.01.23 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012.01.23 04:15:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.23 01:07:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012.01.17 11:51:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\Administrative Tools
[2012.01.17 11:51:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 11:51:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.17 02:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.01.16 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012.01.14 10:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Riki 2-7mj
[2012.01.12 09:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.01.24 00:44:12 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.24 00:44:12 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.24 00:40:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.24 00:39:52 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.24 00:39:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.24 00:20:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.23 18:45:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.01.23 18:32:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.01.23 18:08:16 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 18:06:54 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012.01.23 15:00:34 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.23 04:21:07 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Internet Security 2012.lnk
[2012.01.23 04:12:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.17 02:58:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 02:57:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.11 12:14:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.01.24 00:41:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.23 18:13:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.23 18:13:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.23 18:13:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.23 18:13:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.23 18:13:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.23 04:21:06 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Internet Security 2012.lnk
[2012.01.17 11:57:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.16 10:38:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2011.09.27 16:42:36 | 000,044,832 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
[2011.05.30 05:55:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\{ACBFB8EE-A683-43AD-AC5B-B379A4A85257}
[2011.03.28 20:54:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.12.08 14:18:00 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\winscp.rnd
[2010.04.14 09:13:33 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 21:16:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.04.11 17:23:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.11 16:00:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.11 15:12:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.11 15:10:52 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.11 13:29:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.04.11 13:23:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,436,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,068,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.12.18 09:25:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.11.27 14:34:14 | 000,160,289 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007.02.06 14:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.06 13:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010.07.02 12:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
[2010.04.11 16:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.04.11 13:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010.04.12 13:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010.07.22 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.14 15:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\BSplayer PRO
[2010.04.14 10:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.04.11 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\ESET
[2010.04.25 22:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\Facebook
[2011.03.07 21:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zyrljehhlem9 /s >
"ErrorControl" = 0
"Group" = Filter
"Start" = 1
"Type" = 1
"DisplayName" = zyrljehhlem9.sys
"ImagePath" = system32\drivers\zyrljehhlem9.sys -- [2012.01.11 23:56:23 | 000,072,704 | ---- | M] ()
"hwsht" = 01 00 [binary data]
"hwbcr" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zyrljehhlem9\Enum]
"0" = Root\LEGACY_ZYRLJEHHLEM9\0000
"Count" = 1
"NextInstance" = 1
[2012.01.23 18:45:35 | 000,000,000 | ---D | M][b] Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\
< End of report >
p.s. while doing the last scan with otl my laptops power cord fell out and the laptop shut down. i reran the scan (hope its ok)
oldman960
2012-01-24, 03:14
Hi marko1234,
I'm trying to find a way to have a look at the file. Thanks for your patience. Be back ASAP.
Thaks
oldman960
2012-01-24, 04:31
Hi marko1234,
We'll be using combofix (jgh.exe) again but running it differently.
Please follow all previous instructions regarding security programs.
Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
Killall::
Rootkit::
c:\windows\system32\drivers\zyrljehhlem9.sys
Driver::
zyrljehhlem9
NetSvc::
qbposdbservices
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"25489:TCP"=-
"18292:TCP"=-
"23295:TCP"=-
"34138:TCP"=-
"23917:TCP"=-
"19815:TCP"=-
"36209:TCP"=-
"35433:TCP"=-
"9536:TCP"=-
"18224:TCP"=-
"30578:TCP"=-
"16368:TCP"=-
"36491:TCP"=-
"33902:TCP"=-
In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.
This will start ComboFix again.Close all browser/windows first.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Please post back with the combofix log.
Everything still ok?
marko1234
2012-01-24, 11:54
The combo fix log was too long so I attached it. I think everything is running fine... only strange thing is that when i boot my comp that xp logo strangely fades in... with some freezes... i guess its nothing but that started to happen from the infection :P anything else u want me to do?
Thanks
oldman960
2012-01-24, 13:26
Hi marko1234,
Please open windows explorer (right click the start button and click explore)
navigate to this folder C:\Qoobox
in the right hand panel locate this file ComboFix-quarantined-files.txt
please post it's contents in your next reply
Your java is out of date. Click your start button, open Control panel.
Locate the Java icon (it looks like a coffee cup)
double click it to open it
click the Update tab
Click update now
Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :
:Services
:Reg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25292:TCP"=-
"7244:TCP"=-
:Commands
[emptytemp]
[createrestorepoint]
Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
Next
Download and save to your desktop Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Please post back with
ComboFix-quarantined-files.txt
OTL fix log
MBAM log
Thanks
marko1234
2012-01-24, 15:00
Im having serious and annoying problems with my laptop ... i've just restarted him for a 10x time and now finally my wlan is working... dont know why. but when i shut it down and turn it on, my wlan is off, laptop isnt detecting usb drives, sometimes cant even shut it down (start->shutdown/restart) so i have to shut it down by force. then after a lot of shut downs, one time it works :/
ComboFix-quarantined-files.txt
2012-01-24 10:32:27 . 2012-01-24 10:32:27 43,805 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\__.zip
2012-01-24 10:30:52 . 2012-01-24 10:30:52 14,378 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_zyrljehhlem9.reg.dat
2012-01-24 10:30:52 . 2012-01-24 10:30:52 1,340 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ZYRLJEHHLEM9.reg.dat
2012-01-24 10:27:09 . 2012-01-24 10:27:09 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-01-23 17:37:25 . 2012-01-23 17:37:25 178 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Internet Security 2012.reg.dat
2012-01-23 17:37:25 . 2012-01-23 17:37:25 152 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-uTorrent.reg.dat
2012-01-23 17:32:40 . 2011-10-25 06:09:02 90 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2012-01-23 17:29:33 . 2012-01-23 17:29:33 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\_1299035141_.zip
2012-01-23 17:29:29 . 2012-01-23 17:29:29 3,676 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_qbposdbservices.reg.dat
2012-01-23 17:29:29 . 2012-01-23 17:29:29 1,138 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_qbposdbservices.reg.dat
2012-01-23 17:28:22 . 2012-01-24 10:30:46 6,417 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-01-23 17:17:42 . 2012-01-23 17:17:42 1,140 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\_loader_.tlb.zip
2012-01-23 17:13:18 . 2012-01-24 10:32:28 1,282 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-01-23 03:21:05 . 2012-01-23 03:21:06 819,712 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\isecurity.exe.vir
2012-01-12 22:13:38 . 2012-01-16 09:38:09 73,728 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@80000000.vir
2012-01-12 07:42:22 . 2012-01-23 17:06:54 2,632 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\loader.tlb.vir
2012-01-11 22:56:20 . 2012-01-11 22:56:20 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\@.vir
2012-01-11 22:56:20 . 2012-01-11 22:56:20 455,936 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\L\ouevqxqi.vir
2012-01-11 22:56:18 . 2012-01-11 22:56:23 72,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\zyrljehhlem9.sys.vir
2012-01-10 20:51:45 . 2012-01-16 09:37:34 3,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\U\000000c0.@.vir
2012-01-05 16:17:46 . 2012-01-12 07:42:22 31,232 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@800000cf.vir
2012-01-05 16:03:47 . 2012-01-12 07:41:09 3,072 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@000000c0.vir
2012-01-05 15:16:16 . 2012-01-12 07:41:46 24,064 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@800000cb.vir
2011-11-19 19:11:25 . 2012-01-12 07:41:23 32,768 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@800000c0.vir
2011-09-30 00:34:34 . 2012-01-12 07:47:23 3,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\U\000000cb.@.vir
2011-09-30 00:34:34 . 2012-01-12 07:41:10 3,072 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@000000cb.vir
2011-09-10 14:59:36 . 2012-01-12 07:41:04 45,968 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@00000001.vir
2011-09-09 19:03:00 . 2012-01-12 07:52:32 1,536 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\U\000000cf.@.vir
2011-09-09 19:03:00 . 2012-01-12 07:41:10 1,536 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@000000cf.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 5,120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\isdrv120.dll.vir
OTL fix log
All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 11812 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 9926299 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 41620 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 540806 bytes
->Flash cache emptied: 456 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Tea
->Temp folder emptied: 295358790 bytes
->Temporary Internet Files folder emptied: 164668 bytes
->Java cache emptied: 99595 bytes
->FireFox cache emptied: 44140371 bytes
->Google Chrome cache emptied: 56614008 bytes
->Flash cache emptied: 123835 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2408052 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52056 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 267855 bytes
RecycleBin emptied: 71434910 bytes
Total Files Cleaned = 460,00 mb
Restore point Set: OTL Restore Point (0)
OTL by OldTimer - Version 3.2.31.0 log created on 01242012_140700
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
MBAM log
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.24.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Tea :: TEA-LAPTOP [administrator]
Protection: Enabled
24.1.2012 14:17:57
mbam-log-2012-01-24 (14-17-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181455
Time elapsed: 5 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\srenum (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
oldman960
2012-01-24, 18:01
Hi
Sorry you are having problems. As mentioned you have/had several infection. At which point did you notice the usb and wlan problem?
We may have only removed part of one.
Here's the link to VirusTotal (www.virustotal.com)
Please submit this file
C:\Windows\System32\drivers\ndisrd.sys
After the scan is complete and the results saved see if you have any luck submitting this one:
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\__.zip
Next
We need to manualy submit a file.
Please visit this site (http://www.bleepingcomputer.com/submit-malware.php?channel=4) (Bleeping Computers)and follow the instructions for uploading the file.
In the top box please copy and paste the text in the following code box
http://forums.spybot.info/showthread.php?t=64950&page=3
Use the browse button to navigate to the following file
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\__.zip
In the bottom box type oldman960.
Click Send File
Please post back with the VirusTotal results and let me know if you were able to submit the file at Bleeping Computers.
Thanks
marko1234
2012-01-24, 19:13
Well first time i noticed problems with wlan,usb was after that first combofix use. Here are the results for virustotal:
Virustotal results for C:\Windows\System32\drivers\ndisrd.sys
SHA256: d359582ca1f00134dc049201be48e2f2d9df81b8e19f77c74d9ba73db6b21b15
SHA1: 613843dabaa2c42413879b5848dd43b0ff691c1a
MD5: 1359b200974395679b092f1d5f63cfa9
File size: 20.0 KB ( 20480 bytes )
File type: Win32 EXE
Detection ratio: 0 / 43
Analysis date: 2012-01-24 18:00:26 UTC ( 0 minutes ago )
Virustotal results for C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\__.zip
Try with this link https://www.virustotal.com/file/37591e988f0877dae2d30e580122e0153b99ee8f4eb26405737dc1b842b7db42/analysis/1327428150/
in case you cant see it scroll down, I've copy pasted it but its messy :(
SHA256: 37591e988f0877dae2d30e580122e0153b99ee8f4eb26405737dc1b842b7db42
SHA1: 1f7f4dd6f8b20fa0ec250327f7a119a03b2550d8
MD5: 550b64c29a791e3d56ae83bf6664acea
File size: 42.8 KB ( 43805 bytes )
File type: ZIP
Detection ratio: 27 / 43
Analysis date: 2012-01-24 18:02:30 UTC ( 2 minutes ago )
0
0
Antivirus Result Update
AhnLab-V3 - 20120122
AntiVir TR/Offend.6950063 20120123
Antiy-AVL - 20120121
Avast Win32:Rootkit-gen [Rtk] 20120123
AVG BackDoor.Generic14.AVFI 20120123
BitDefender Trojan.Generic.6950062 20120123
ByteHero - 20120123
CAT-QuickHeal - 20120123
ClamAV - 20120123
Commtouch W32/SYStroj.AR.gen!Eldorado 20120123
Comodo TrojWare.Win32.Rootkit.ZAccess.NA 20120123
DrWeb Trojan.MulDrop3.10059 20120124
Emsisoft Trojan.SuspectCRC!IK 20120123
eSafe - 20120123
eTrust-Vet Win32/Mushka.A!genus 20120123
F-Prot W32/SYStroj.AR.gen!Eldorado 20120123
F-Secure Trojan.Generic.6950062 20120123
Fortinet W32/Agent.NVG!tr 20120124
GData Trojan.Generic.6950062 20120123
Ikarus Trojan.SuspectCRC 20120123
Jiangmin Rootkit.Agent.opa 20120123
K7AntiVirus Riskware 20120123
Kaspersky HEUR:Trojan.Win32.Generic 20120124
McAfee Generic Rootkit.af 20120121
McAfee-GW-Edition Generic Rootkit.af 20120124
Microsoft Trojan:WinNT/Mushka.A 20120123
NOD32 a variant of Win32/Rootkit.Agent.NVG 20120123
Norman - 20120123
nProtect - 20120123
Panda Generic Malware 20120123
PCTools - 20120123
Prevx - 20120124
Rising - 20120118
Sophos Mal/Tent-A 20120123
SUPERAntiSpyware - 20120123
Symantec - 20120124
TheHacker Trojan/Agent.nvg 20120123
TrendMicro - 20120123
TrendMicro-HouseCall - 20120124
VBA32 Rootkit.Agent.bqmi 20120123
VIPRE Trojan.Win32.Biscker (v) 20120123
ViRobot - 20120123
VirusBuster Rootkit.Agent!gDu3VCAnKAU 20120123
.I have successfully submited the file to bleeping computers.
oldman960
2012-01-25, 02:53
Hi marko1234,
When you say XP doesn't see the usb, do you mean it doesn't see the ports at all or just doesn't see the device? What happens when you plug a usb device in?
Click start > right click
click properties
click Hardware tab
click device manager
Any yellow ! marks?
Are the usb ports list under unuvsersal serial bus controllers?
You said you needed to dpwnload and reinstall your wlan driver. What was the file name and where did you download it from?
marko1234
2012-01-25, 13:00
I have attached 3 screenshot since i find it easier than to try explain it with words.
Problem.gif - answers most of the questions you asked.
wlan1.gif - when i double click on Broadcom 802.11 multiband... it shows NO DRIVER installed and when you look at
wlan2.gif - when i click on DRIVER tab, you can see the driver IS installed.
The wlan driver i downloaded had the name sp37950.exe and i have downloaded it from http://driverscollection.com/?H=Compaq%206715s&By=HP&SS=Windows%20XP (third one from the top).
P.s. The problem is still there but i found a ugly solution. Everytime i restart/shut down and laptop finishes booting up, my WLAN is not working, usb not detected (tried two different USB flashdrives on two different ports) and most of the time my laptop freezes when it boots, meaning i cant click anything and when i hover with my mouse over START button (and the whole taskbar) i get that BUSY sandwatch. only "fix" that has worked so far (tried two times, both successfull) is pressing a button on my laptopthat is used to turn WLAN on/off asap while booting. The blue LED goes off and when laptop finishes booting I press it again to turn it on and it works :/
sorry for this messy explanation but i cant describe it any better :(
oldman960
2012-01-25, 18:25
Hi marko1234,
I'm not sure if you have the correct drivers. The one you downloaded, when I followed the link to the file seems to indicate that it's for HP Compaq 6715s Notebook PC . However the HP site says differently. The files for that model can be found HERE (http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=ca&prodNameId=3356623&prodTypeId=321957&prodSeriesId=3368539&swLang=13&taskId=135&swEnvOID=1093). The file name is different than what you posted.
What is the model and number of your laptop? There should be a label on the bottom or under the battery.
marko1234
2012-01-25, 23:24
I have downloaded the driver from the link you gave me and wlan worked just fine when i shut it down and back on. i was rly happy and thought we succeeded. Then I thought to myself, ill try again just to be sure. restarted and to my dissapointment same old story, wlan not working (problem1.gif from the last post), usb failing, cant shutdown normally. some mean ass virus/trojan :(
Is windows reinstall my only option or ...?
marko1234
2012-01-25, 23:26
And yeah my laptop model is Compaq 6715s. really stupid that google gives you that bulls**t site as a first result when you google "HP compaq 6715s wlan driver"
marko1234
2012-01-26, 00:05
Oh and btw, after 10 forced shutdowns didnt get the wlan to work. im currently using safe mode with networking and wlan is working (obviously). just wanted to let you know
oldman960
2012-01-26, 01:13
Hi marko1234,
Did you unstall the old drivers first?
Let's get another OTL log,
Please run this in Normal Windows as it will show the state of the services plus the running process that will not be running in safe mode. You can save the logs then boot back to Safe Mode with Networking to post the logs.
Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Standard Output
Check the box beside "scan all users"
In the Extra Registry section change it to All
UnCheck the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following
netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
/md5start
consrv.*
winsrv.*
ndisrd.*
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
marko1234
2012-01-26, 02:09
OTL logfile created on: 26.1.2012 1:56:23 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
895,23 Mb Total Physical Memory | 356,13 Mb Available Physical Memory | 39,78% Memory free
2,12 Gb Paging File | 1,62 Gb Available in Paging File | 76,73% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 31,97 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,63 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.02.22 15:50:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.02.22 15:49:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.06 14:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.12.04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
========== Modules (No Company Name) ==========
MOD - [2012.01.24 12:01:26 | 012,231,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62da3f0fabaac0a8c8a4e11f9012391d\System.Web.ni.dll
MOD - [2012.01.23 23:35:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012.01.23 23:35:14 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012.01.23 23:34:54 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012.01.23 18:58:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012.01.23 18:57:51 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012.01.23 18:56:50 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.06.03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.04.11 21:14:50 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2908.16950__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2908.16911__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:50 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2908.16962__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2908.16942__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2908.16929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2908.17117__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:49 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2908.17139__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:49 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2908.17131__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2908.17098__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:47 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2908.17160__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:06 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2908.17167__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2908.16956__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2908.16923__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2908.16955__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:05 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2908.17105__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:05 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:05 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2908.17111__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2908.17104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:05 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:03 | 000,794,624 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:03 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2908.17124__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:03 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:02 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2908.16976__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2908.16930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2908.16969__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,901,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2908.17132__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,663,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2908.17099__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2908.17059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2908.17092__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:01 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2908.17063__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2908.17091__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.04.11 21:13:59 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.04.11 21:13:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.04.11 21:13:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.04.11 21:13:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2908.17177__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.04.11 21:13:46 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2908.16901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.04.11 21:13:45 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2908.16937__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.04.11 21:13:45 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2908.17152__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.04.11 21:13:45 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2908.17150__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.04.11 21:13:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.04.11 21:13:45 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.04.11 21:13:45 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.04.11 21:13:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.04.11 21:13:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2908.16903__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.04.11 21:13:44 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.04.11 21:13:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.04.11 21:13:42 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2908.16918__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.04.11 21:13:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2908.16903__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.04.11 21:13:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2908.16902__90ba9c70f846762e\APM.Server.dll
MOD - [2010.04.11 21:13:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2908.16901__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.04.11 21:13:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.04.11 21:13:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2908.17151__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.04.11 21:13:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.04.11 21:13:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.02.06 14:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.06 14:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.02.22 15:52:52 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.02.22 15:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2006.12.04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
========== Driver Services (SafeList) ==========
DRV - [2012.01.26 01:49:45 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.22 20:01:22 | 000,020,480 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisrd.sys -- (ndisrd)
DRV - [2010.02.22 15:51:06 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.02.22 15:51:04 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.02.22 15:50:56 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.02.22 15:50:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.02.22 15:47:20 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.28 19:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007.12.18 10:46:24 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.07.17 00:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007.01.02 14:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.12.15 13:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.07.01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.11 16:11:46 | 000,000,000 | ---D | M]
[2010.04.11 16:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Extensions
[2012.01.24 00:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions
[2011.04.05 22:05:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.23 04:31:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.23 04:31:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.01.24 13:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.24 13:35:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.01.24 00:41:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.24 00:41:25 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.01.24 00:41:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.24 00:41:25 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.01.24 00:41:25 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2012.01.24 00:41:25 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_JamesWhite = C:\Documents and Settings\Tea\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
O1 HOSTS File: ([2012.01.24 11:34:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23FB4650-9569-4754-B0F8-C11D10A8F1DD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.11 13:26:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
========== Files/Folders - Created Within 30 Days ==========
[2012.01.26 01:46:00 | 008,094,608 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\Tea\Desktop\sp41680.exe
[2012.01.25 23:45:25 | 007,122,616 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\Tea\Desktop\sp40535.exe
[2012.01.25 11:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\IrfanView
[2012.01.25 11:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.01.24 14:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Application Data\Malwarebytes
[2012.01.24 14:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.24 14:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.24 14:15:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.24 14:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.24 14:12:00 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tea\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.24 13:36:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.24 13:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.24 13:35:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.01.24 13:35:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.01.24 13:35:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.01.24 12:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012.01.24 12:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Ad_Aware.Pro.8.1.4
[2012.01.24 12:49:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.01.24 11:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.01.23 18:13:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.23 18:13:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.23 18:13:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.01.23 18:13:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.23 18:13:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.23 18:11:42 | 004,388,468 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012.01.23 04:15:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.23 01:07:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012.01.17 11:51:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\Administrative Tools
[2012.01.17 11:51:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 11:51:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.17 02:49:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.01.16 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012.01.14 10:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Riki 2-7mj
[2012.01.12 09:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
========== Files - Modified Within 30 Days ==========
[2012.01.26 01:53:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.26 01:53:23 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.26 01:53:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.26 01:50:24 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.26 01:50:24 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.26 01:49:45 | 001,391,104 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2012.01.25 23:45:26 | 007,122,616 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Tea\Desktop\sp40535.exe
[2012.01.25 23:20:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.25 22:49:09 | 000,123,392 | ---- | M] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 22:48:36 | 000,015,144 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\rotterdam1.jpg
[2012.01.25 22:43:58 | 000,043,604 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\rotterdam.jpg
[2012.01.25 21:18:17 | 002,401,739 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\cv.gif
[2012.01.25 18:32:42 | 008,094,608 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Tea\Desktop\sp41680.exe
[2012.01.25 13:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2012.01.25 12:45:07 | 000,028,152 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\wlan2.gif
[2012.01.25 12:44:53 | 000,024,068 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\wlan1.gif
[2012.01.25 11:46:49 | 000,127,758 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\problem.gif
[2012.01.25 11:40:26 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\IrfanView Thumbnails.lnk
[2012.01.25 11:40:26 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\IrfanView.lnk
[2012.01.25 01:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2012.01.24 19:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2012.01.24 14:15:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 14:14:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tea\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.24 13:28:54 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.24 13:28:54 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\statistics.dat
[2012.01.24 13:28:54 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.24 13:24:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2012.01.24 12:32:00 | 083,109,073 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ADawP.Dr.House.rar
[2012.01.24 11:54:05 | 000,012,696 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\combofixlog.zip
[2012.01.24 11:34:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.01.24 11:19:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Tea\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 01:30:45 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.24 01:19:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.01.23 18:08:16 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 18:06:54 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012.01.23 04:12:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.17 02:58:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 02:57:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.11 12:14:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
========== Files Created - No Company Name ==========
[2012.01.26 01:49:21 | 000,873,374 | ---- | C] () -- C:\WINDOWS\System32\oem38.inf
[2012.01.25 22:46:47 | 000,015,144 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\rotterdam1.jpg
[2012.01.25 22:43:58 | 000,043,604 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\rotterdam.jpg
[2012.01.25 21:18:16 | 002,401,739 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\cv.gif
[2012.01.25 11:50:36 | 000,028,152 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\wlan2.gif
[2012.01.25 11:49:38 | 000,024,068 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\wlan1.gif
[2012.01.25 11:42:49 | 000,127,758 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\problem.gif
[2012.01.25 11:40:26 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\IrfanView Thumbnails.lnk
[2012.01.25 11:40:26 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\IrfanView.lnk
[2012.01.24 14:15:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 13:28:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.24 13:28:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\statistics.dat
[2012.01.24 13:28:54 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.24 13:04:27 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2012.01.24 13:04:27 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2012.01.24 13:04:26 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2012.01.24 13:04:26 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2012.01.24 12:53:16 | 083,109,073 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ADawP.Dr.House.rar
[2012.01.24 12:52:27 | 070,418,432 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\HTV2_upanijsk(110225_144428).mpg
[2012.01.24 11:54:05 | 000,012,696 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\combofixlog.zip
[2012.01.24 11:19:13 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 00:41:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.23 18:13:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.23 18:13:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.23 18:13:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.23 18:13:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.23 18:13:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.17 11:57:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.16 10:38:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2011.09.27 16:42:36 | 000,044,832 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
[2011.05.30 05:55:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\{ACBFB8EE-A683-43AD-AC5B-B379A4A85257}
[2011.03.28 20:54:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.12.08 14:18:00 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\winscp.rnd
[2010.04.14 09:13:33 | 000,123,392 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 21:16:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.04.11 17:23:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.11 16:00:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.11 15:12:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.11 15:10:52 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.11 13:29:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.04.11 13:23:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,436,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,068,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.12.18 09:25:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.11.27 14:34:14 | 000,160,289 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007.02.06 14:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.06 13:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== Custom Scans ==========
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd /s >
"ImagePath" = system32\DRIVERS\ndisrd.sys -- [2011.09.22 20:01:22 | 000,020,480 | ---- | M] (NT Kernel Resources)
"DisplayName" = WinpkFilter Service
"Group" = PNP_TDI
"ErrorControl" = 1
"Type" = 1
"Start" = 3
"Tag" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters\Adapters\NdisWanIp]
"UpperBindings" = \Device\{0435696E-E320-4BAD-9D22-21077D103E1D}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters\Adapters\{7DA07B17-F732-47DB-974F-215CA39D72AB}]
"UpperBindings" = \Device\{BFCAF0DB-1F20-4B13-9D4C-BC506D4BBAD4}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters\Adapters\{992EF97A-8EFC-4913-ABB3-584C93658CE2}]
"UpperBindings" = \Device\{FCC8F090-D603-4401-84EA-999C9FD57ACE}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Enum]
"0" = Root\NT_NDISRDMP\0001
"Count" = 2
"NextInstance" = 2
"1" = Root\NT_NDISRDMP\0002
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >
"Debug" =
"Kmode" = %SystemRoot%\system32\win32k.sys -- [2011.11.23 14:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation)
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase" = 2137980928
< MD5 for: NDISRD.SYS >
[2011.09.22 20:01:22 | 000,020,480 | ---- | M] (NT Kernel Resources) MD5=1359B200974395679B092F1D5F63CFA9 -- C:\WINDOWS\system32\drivers\ndisrd.sys
< MD5 for: WINSRV.DLL >
[2008.04.14 13:00:00 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\$NtUninstallKB2121546$\winsrv.dll
[2010.06.18 18:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=42B5427FAC23BF6F1F31E466B7FEB084 -- C:\WINDOWS\$NtUninstallKB2507938$\winsrv.dll
[2010.06.18 18:43:57 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=6DC05976FB5B8E1358EAC8BEDFD1FA47 -- C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
[2011.11.25 22:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3gdr\winsrv.dll
[2011.11.25 22:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\dllcache\winsrv.dll
[2011.11.25 22:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\winsrv.dll
[2011.11.25 22:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
[2011.11.25 22:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3qfe\winsrv.dll
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EC0A223C4854E98A3AFB2C31B7B420A0 -- C:\WINDOWS\$NtUninstallKB2646524$\winsrv.dll
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EC0A223C4854E98A3AFB2C31B7B420A0 -- C:\WINDOWS\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\sp3gdr\winsrv.dll
[2011.04.26 12:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F52D3C601CF618479F9AD43B07599BED -- C:\WINDOWS\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
[2011.04.26 12:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F52D3C601CF618479F9AD43B07599BED -- C:\WINDOWS\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\sp3qfe\winsrv.dll
< MD5 for: WINSRV.DLL.000 >
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EC0A223C4854E98A3AFB2C31B7B420A0 -- C:\WINDOWS\$NtUninstallKB2646524$\winsrv.dll.000
< End of report >
marko1234
2012-01-26, 02:09
OTL Extras logfile created on: 26.1.2012 1:56:23 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
895,23 Mb Total Physical Memory | 356,13 Mb Available Physical Memory | 39,78% Memory free
2,12 Gb Paging File | 1,62 Gb Available in Paging File | 76,73% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 31,97 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,63 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"25292:TCP" = 25292:TCP:*:Enabled:System38
"7244:TCP" = 7244:TCP:*:Enabled:System38
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Tea\Desktop\COD\Call of Duty 1.5 + United Offensive\Call of Duty\CoDUOMP.exe" = C:\Documents and Settings\Tea\Desktop\COD\Call of Duty 1.5 + United Offensive\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{11A7769F-6706-3191-9A9A-6B4AB0F56419}" = Catalyst Control Center Localization Norwegian
"{169F0A86-B4E2-E0D0-9623-4982A9C48C93}" = CCC Help Chinese Traditional
"{177775EF-DF8B-D947-0B51-D14ED1F836C5}" = Catalyst Control Center Localization Czech
"{183C2621-49ED-C3F3-6FFF-4807079E1AC0}" = CCC Help Thai
"{189DC77B-7B5B-0547-276B-C026EF0C757C}" = ccc-core-preinstall
"{1D8135C3-46FA-77E4-E645-405BD62DDAB9}" = Catalyst Control Center Localization Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209DC8F3-20D6-56D1-3EDA-04792A59589D}" = CCC Help Greek
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 30
"{2A0AF7BE-CB9C-D902-676E-B3DAEECB6B2D}" = Catalyst Control Center Localization Korean
"{2B9A8E7E-CDE6-D723-3521-B6D4784FFBEA}" = Catalyst Control Center Localization Japanese
"{2D0A84FC-2178-131A-7563-705200BDFF20}" = CCC Help Polish
"{2EE6086A-2926-66A7-2B60-42FB259D95B7}" = Catalyst Control Center Localization Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33B75044-54B4-5AB4-7A19-7B9D77BF2285}" = Catalyst Control Center Localization Greek
"{33E58EE4-0E59-0017-78D0-D56FD3594770}" = CCC Help Korean
"{342BE86B-31F5-6E7E-A1CB-87BA5272BC2C}" = Catalyst Control Center Localization Hungarian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{36807E1C-C7F5-CCF7-3617-F41837DECAF7}" = CCC Help Danish
"{3A8B8170-7321-E5FC-0047-74F9F5D21B25}" = Catalyst Control Center Localization Thai
"{3F93B2BA-18EC-462B-9ACD-396599353EE1}" = Catalyst Control Center - Branding
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D1E0AA2-3B34-6940-3663-0E255EFBBF63}" = CCC Help Portuguese
"{517459C1-A2C2-7641-AA71-4E7E98B5E8A9}" = CCC Help Spanish
"{53B35D1A-B93A-C389-409B-EEBC68D82861}" = Catalyst Control Center Core Implementation
"{540EA3CE-1229-5702-929D-A67E6331AC39}" = CCC Help Norwegian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A721E61-FBDE-9422-3C64-17D918C7196B}" = Catalyst Control Center Localization German
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F74F1E5-C4DF-7A18-3C11-A47382FFA660}" = CCC Help Swedish
"{611CB353-FEC0-1245-1859-B169344D1454}" = CCC Help Japanese
"{751CCF7A-CFF6-4A4B-9119-D4448D87B025}" = ESET Smart Security
"{77F38DEB-140F-0B24-52C4-6B385127CB1F}" = Catalyst Control Center Localization Finnish
"{79AAA8E0-B47C-EDAB-826E-C498AA4857CE}" = CCC Help Finnish
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89B65CDA-DC1B-C5B3-73DF-3CFF4A19A588}" = CCC Help German
"{8C74846F-56C1-7CA1-14BF-B7A87F7A0CA7}" = Catalyst Control Center Localization Dutch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907E8FCC-ACB6-8F7D-9930-8C95F1DC7D87}" = ccc-utility
"{90A2E630-72EA-3309-6B02-9307C795345C}" = CCC Help Russian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A00E6A54-A3B5-7FCD-5DBA-4BFAB5B2DBD7}" = Catalyst Control Center Localization Italian
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A21A1F07-8EE5-1DC3-74E5-73AF089B5722}" = Catalyst Control Center Localization Polish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A843E814-9178-6F3F-E821-9094D33128F5}" = Catalyst Control Center Graphics Full New
"{A893EF27-F743-D48F-3971-ABD33A2A0902}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0CBF76-BD8E-48C0-AE32-31684A629836}" = HP Broadband Wireless Modules
"{AA3D13A1-2373-6638-8398-FBDA07FAC464}" = CCC Help Turkish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF0EC284-33B6-9100-E851-B64FDC070429}" = Catalyst Control Center Localization French
"{B1463859-54D3-03C0-2D87-04D15A4B5D06}" = Catalyst Control Center Localization Chinese Traditional
"{B15AC518-1C5D-D41F-37CA-768851B11FAB}" = Catalyst Control Center Localization Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BC1584FD-B945-E401-7C34-929964DE9E24}" = CCC Help Chinese Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C443C2F5-CBEC-1299-3A60-6C3C9965EF5A}" = CCC Help Czech
"{C594294F-E38B-FB39-4C3B-E97EFCE3AC0D}" = Catalyst Control Center Localization Danish
"{C97636B2-42D2-C8C0-CDD8-4A323CF6BC5C}" = CCC Help Italian
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}" = HP PCMCIA Smart Card Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F7BFE-61D8-E7B8-6F99-F5E149B89051}" = Catalyst Control Center Localization Portuguese
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7BE4FF6-24E1-3E12-D6D0-C76F26F31327}" = Catalyst Control Center Graphics Light
"{DFDE44B2-4E88-9B2D-75B6-945635C665DF}" = Catalyst Control Center Localization Spanish
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E634B696-8333-8216-6415-86272864894F}" = ccc-core-static
"{E78A17B7-B3E7-045B-820D-5DCE2541DEBC}" = CCC Help English
"{E978DAC8-F978-B81D-0BA1-9A566A79A7A6}" = CCC Help Hungarian
"{E9A82610-AD0E-F189-1F41-95996BC15794}" = Catalyst Control Center Graphics Full Existing
"{EB36FA85-8004-D358-601C-542FE3A2A77C}" = CCC Help Dutch
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6F6B40D-6477-87E2-3899-AF53366D84D2}" = Catalyst Control Center Localization Chinese Standard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BSPlayerp" = BS.Player PRO
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 hr)" = Mozilla Firefox 9.0.1 (x86 hr)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PKR" = PKR
"Sweet Home 3D_is1" = Sweet Home 3D version 3.2
"Uninstall Tool_is1" = Uninstall Tool
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR arhiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 24.1.2012 9:49:22 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Remote Registry service failed to start due to the following error:
%%1069
Error - 24.1.2012 9:51:36 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
Error - 25.1.2012 7:15:19 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
Error - 25.1.2012 7:20:05 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
Error - 25.1.2012 15:49:58 | Computer Name = TEA-LAPTOP | Source = PSched | ID = 14103
Description = QoS [Adapter {992EF97A-8EFC-4913-ABB3-584C93658CE2}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.
Error - 25.1.2012 17:56:41 | Computer Name = TEA-LAPTOP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001A73788250. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.
Error - 25.1.2012 18:34:24 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {57787927-8B56-4E73-A2BB-5FC76872CDA0} did not register
with DCOM within the required timeout.
Error - 25.1.2012 18:34:24 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
Error - 25.1.2012 19:02:40 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 25.1.2012 19:03:27 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 ehdrv Fips
< End of report >
marko1234
2012-01-26, 02:22
I uninstalled wlan driver and reinstalled it properly now. it seems to work now. tried 3 times, everytime that notification icon was indicating it is working except that my pc froze second time. but i guess its the problem that the virus is causing (nothing new, happened alot and i have mentioned it).
oldman960
2012-01-26, 05:34
Hi marko1234,
Let's see if this will help.
Please follow all previous instructions regarding security programs.
Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
File::
c:\windows\system32\drivers\ndisrd.sys
C:\WINDOWS\System32\oem38.inf
Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"25292:TCP"=-
"7244:TCP"=-
Driver::
ndisrd
In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.
This will start ComboFix again.Close all browser/windows first.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
marko1234
2012-01-26, 11:29
Hi oldman960
Here's the log you requested.
ComboFix 12-01-23.02 - Tea 26.01.2012 11:14:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.895.270 [GMT 1:00]
Running from: c:\documents and settings\Tea\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Tea\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\windows\system32\drivers\ndisrd.sys"
"c:\windows\System32\oem38.inf"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\system32\drivers\ndisrd.sys
c:\windows\System32\oem38.inf
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ndisrd
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-25 10:40 . 2012-01-25 10:40 -------- d-----w- c:\program files\IrfanView
2012-01-24 13:16 . 2012-01-24 13:16 -------- d-----w- c:\documents and settings\Tea\Application Data\Malwarebytes
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 13:15 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 12:35 . 2012-01-24 12:35 -------- d-----w- c:\program files\Common Files\Java
2012-01-24 11:58 . 2012-01-24 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-01-23 23:41 . 2012-01-23 23:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-23 23:41 . 2012-01-23 23:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-23 23:41 . 2012-01-23 23:41 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-23 23:41 . 2012-01-23 23:41 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-01-23 23:41 . 2012-01-23 23:41 814040 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-01-23 23:41 . 2012-01-23 23:41 486360 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-01-23 23:41 . 2012-01-23 23:41 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-23 23:41 . 2012-01-23 23:41 2124760 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-01-23 23:41 . 2012-01-23 23:41 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-01-23 23:41 . 2012-01-23 23:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-23 23:41 . 2012-01-23 23:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-23 23:41 . 2012-01-23 23:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-23 10:33 . 2012-01-23 10:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-23 03:15 . 2012-01-23 03:15 -------- d-----w- C:\_OTL
2012-01-17 10:57 . 2012-01-17 10:57 -------- d-----w- c:\program files\ERUNT
2012-01-17 01:49 . 2012-01-17 01:49 -------- d-----w- c:\documents and settings\Administrator
2012-01-16 09:38 . 2012-01-23 17:06 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 00:49 . 2010-04-11 14:33 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 04:54 . 2010-11-09 14:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2010-04-11 21:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-31 20:57 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
2012-01-23 23:41 . 2012-01-23 23:41 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-24_10.35.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2012-01-26 10:23 . 2012-01-26 10:23 16384 c:\windows\temp\Perflib_Perfdata_714.dat
+ 2012-01-26 00:49 . 2010-04-11 14:33 87280 c:\windows\system32\ReinstallBackups\0006\DriverFiles\bcmwlcoi.dll
- 2008-04-14 12:00 . 2012-01-24 08:46 68938 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-01-26 00:50 68938 c:\windows\system32\perfc009.dat
+ 2010-04-11 12:46 . 2012-01-24 12:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-04-11 12:46 . 2012-01-16 09:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-24 12:04 . 2012-01-24 12:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-01-24 11:01 . 2012-01-24 11:01 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2008-04-14 12:00 . 2012-01-24 08:46 436042 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-01-26 00:50 436042 c:\windows\system32\perfh009.dat
+ 2012-01-24 12:35 . 2011-11-10 04:54 157472 c:\windows\system32\javaws.exe
+ 2012-01-24 12:35 . 2011-11-10 04:54 149280 c:\windows\system32\javaw.exe
+ 2012-01-24 12:35 . 2011-11-10 04:54 149280 c:\windows\system32\java.exe
- 2008-04-14 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-04-14 12:00 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-04-14 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2012-01-24 11:58 . 2012-01-24 11:58 236032 c:\windows\Installer\43da03.msi
+ 2012-01-24 12:35 . 2012-01-24 12:35 203776 c:\windows\Installer\1841a1.msi
+ 2012-01-24 11:02 . 2012-01-24 11:02 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\41db75b77769b05c791a7decf13afdc1\System.Web.Routing.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 549888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b927a01b2a945d6a996294172195de4c\System.Web.DynamicData.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 145408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\ae91185a31cc445024a9b152cf5c65ff\System.Web.Abstractions.ni.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2012-01-26 00:49 . 2012-01-25 21:54 1391104 c:\windows\system32\ReinstallBackups\0006\DriverFiles\BCMWL5.SYS
+ 2012-01-24 11:02 . 2012-01-24 11:02 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-24 11:02 . 2012-01-24 11:02 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-24 11:02 . 2012-01-24 11:02 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:02 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 2418688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\2914bb8a0993adc7cdc5bd92dbc89719\System.Web.Extensions.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 12231680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62da3f0fabaac0a8c8a4e11f9012391d\System.Web.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-22 2140880]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Tea\\Desktop\\COD\\Call of Duty 1.5 + United Offensive\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [22.2.2010 15:50 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.2.2010 15:50 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24.1.2012 14:15 652872]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4.12.2006 15:13 292384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24.1.2012 14:15 20464]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2010 17:31 135664]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2010 17:31 135664]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [17.7.2007 0:24 35072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:31]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 11:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-01-26 11:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-26 10:28
ComboFix2.txt 2012-01-24 10:39
ComboFix3.txt 2012-01-23 17:38
.
Pre-Run: 34.306.412.544 bytes free
Post-Run: 34.295.042.048 bytes free
.
- - End Of File - - 7FB551C6BFB2A0C0B11FBCEE3B5BFCBB
oldman960
2012-01-26, 12:05
Hi marko1234,
How's the computer?
marko1234
2012-01-26, 12:30
Hi oldman960,
aside from the fact that its still booting a little too slow (XP logo fades in with some freezes, and that bar make quite a few runs from left to right), laptop is just fine. tried restarting it a couple of times, every time had no problems with working on it or with wlan. You need me to do anymore tests/scans?
Thanks
oldman960
2012-01-26, 13:03
Hi marko1234,
We emptied a bunch of temporary cashes. The computer should start a bit faster as those caches repopulate.
We also found and removed a different infection with the last combofix run.
One more scan to check for stragglers.
Please run the F-Secure Online Scanner (http://www.f-secure.com/en/web/home_global/protection/free-online-tools/free-online-tools) from F-Secure.
At the bottom of the webpage, read and agree to the license terms and click run check. Be sure to run the Online Scanner and not the Health Check!
If prompted, give the java plug-in permission to run.
Select Quick Scan when prompted, and then click on Scan.
Once the scan is finished, make sure Automatically and Send the Files to F-Secure are unchecked and click next.
After clicking on next, click on Full Report. A log should appear in your internet browser. Copy that information and post it here.
Next
Open OTL and click Quick Scan
Please post back with
F-Secure log
OTL.txt
thanks
marko1234
2012-01-26, 15:23
F-Secure log
Scanning Report
Thursday, January 26, 2012 15:01:43 - 15:09:44
Computer name: TEA-LAPTOP
Scanning type: Quick scan
Target: System
4 malware found
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Adtech (spyware)
System (Disinfected)
TrackingCookie.Xiti (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
Statistics
Scanned:
Files: 3418
System: 3418
Not scanned: 0
Actions:
Disinfected: 4
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Options
Scanning engines:
OTL quick scan log
OTL logfile created on: 26.1.2012 15:12:41 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
895,23 Mb Total Physical Memory | 232,14 Mb Available Physical Memory | 25,93% Memory free
2,12 Gb Paging File | 1,34 Gb Available in Paging File | 63,11% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 31,26 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,63 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.24 00:41:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.10 05:54:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010.02.22 15:50:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.02.22 15:49:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 15:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.12.04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
========== Modules (No Company Name) ==========
MOD - [2012.01.24 12:01:26 | 012,231,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62da3f0fabaac0a8c8a4e11f9012391d\System.Web.ni.dll
MOD - [2012.01.24 00:41:29 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.01.23 23:35:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012.01.23 23:35:14 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012.01.23 23:34:54 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012.01.23 18:58:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012.01.23 18:57:51 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012.01.23 18:56:50 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011.11.10 05:53:45 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011.08.28 20:05:14 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010.06.03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.04.11 21:14:50 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2908.16950__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2908.16911__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:50 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2908.16962__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2908.16942__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2908.16929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2908.17117__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:49 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2908.17139__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:49 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2908.17131__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2908.17098__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:47 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2908.17160__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:06 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2908.17167__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2908.16956__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2908.16923__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2908.16955__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:05 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2908.17105__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:05 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:05 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2908.17111__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2908.17104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:05 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:03 | 000,794,624 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:03 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2908.17124__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:03 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:02 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2908.16976__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2908.16930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2908.16969__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,901,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2908.17132__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,663,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2908.17099__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2908.17059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2908.17092__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:01 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2908.17063__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2908.17091__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.04.11 21:13:59 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.04.11 21:13:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.04.11 21:13:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.04.11 21:13:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2908.17177__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.04.11 21:13:46 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2908.16901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.04.11 21:13:45 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2908.16937__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.04.11 21:13:45 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2908.17152__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.04.11 21:13:45 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2908.17150__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.04.11 21:13:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.04.11 21:13:45 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.04.11 21:13:45 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.04.11 21:13:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.04.11 21:13:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2908.16903__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.04.11 21:13:44 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.04.11 21:13:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.04.11 21:13:42 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2908.16918__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.04.11 21:13:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2908.16903__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.04.11 21:13:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2908.16902__90ba9c70f846762e\APM.Server.dll
MOD - [2010.04.11 21:13:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2908.16901__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.04.11 21:13:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.04.11 21:13:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2908.17151__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.04.11 21:13:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.04.11 21:13:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.02.06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.02.22 15:52:52 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.02.22 15:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2006.12.04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
========== Driver Services (SafeList) ==========
DRV - [2012.01.26 01:49:45 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.02.22 15:51:06 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.02.22 15:51:04 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.02.22 15:50:56 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.02.22 15:50:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.02.22 15:47:20 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.28 19:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007.12.18 10:46:24 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.07.17 00:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007.02.14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.02.14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.02 14:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.12.15 13:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.07.01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.11 16:11:46 | 000,000,000 | ---D | M]
[2010.04.11 16:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Extensions
[2012.01.24 00:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions
[2011.04.05 22:05:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.23 04:31:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.23 04:31:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.01.24 13:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.24 13:35:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.01.24 00:41:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.24 00:41:25 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.01.24 00:41:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.24 00:41:25 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.01.24 00:41:25 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2012.01.24 00:41:25 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_JamesWhite = C:\Documents and Settings\Tea\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
O1 HOSTS File: ([2012.01.26 11:22:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23FB4650-9569-4754-B0F8-C11D10A8F1DD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.11 13:26:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.01.26 15:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Application Data\f-secure
[2012.01.26 14:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012.01.26 11:54:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.01.25 11:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\IrfanView
[2012.01.25 11:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.01.24 14:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Application Data\Malwarebytes
[2012.01.24 14:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.24 14:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.24 14:15:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.24 14:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.24 14:12:00 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tea\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.24 13:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.24 12:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012.01.24 12:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Ad_Aware.Pro.8.1.4
[2012.01.24 11:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.01.23 18:13:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.23 18:13:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.23 18:13:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.01.23 18:13:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.23 18:13:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.23 18:11:42 | 004,388,468 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012.01.23 04:15:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.23 01:07:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012.01.17 11:51:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\Administrative Tools
[2012.01.17 11:51:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 11:51:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.17 02:49:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.01.16 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012.01.14 10:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Riki 2-7mj
[2012.01.12 09:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
========== Files - Modified Within 30 Days ==========
[2012.01.26 15:20:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.26 12:26:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.26 12:25:46 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.26 12:25:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.26 12:22:21 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.01.26 11:22:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.01.26 01:50:24 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.26 01:50:24 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.25 22:49:09 | 000,123,392 | ---- | M] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 22:48:36 | 000,015,144 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\rotterdam1.jpg
[2012.01.25 22:43:58 | 000,043,604 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\rotterdam.jpg
[2012.01.25 21:18:17 | 002,401,739 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\cv.gif
[2012.01.25 12:45:07 | 000,028,152 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\wlan2.gif
[2012.01.25 12:44:53 | 000,024,068 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\wlan1.gif
[2012.01.25 11:46:49 | 000,127,758 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\problem.gif
[2012.01.25 11:40:26 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\IrfanView Thumbnails.lnk
[2012.01.25 11:40:26 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\IrfanView.lnk
[2012.01.24 14:15:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 14:14:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tea\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.24 13:28:54 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.24 13:28:54 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\statistics.dat
[2012.01.24 13:28:54 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.24 12:32:00 | 083,109,073 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ADawP.Dr.House.rar
[2012.01.24 11:54:05 | 000,012,696 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\combofixlog.zip
[2012.01.24 11:19:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Tea\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 01:30:45 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.24 01:19:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.01.23 18:08:16 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 18:06:54 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012.01.23 04:12:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.17 02:58:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 02:57:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.11 12:14:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
========== Files Created - No Company Name ==========
[2012.01.25 22:46:47 | 000,015,144 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\rotterdam1.jpg
[2012.01.25 22:43:58 | 000,043,604 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\rotterdam.jpg
[2012.01.25 21:18:16 | 002,401,739 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\cv.gif
[2012.01.25 11:50:36 | 000,028,152 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\wlan2.gif
[2012.01.25 11:49:38 | 000,024,068 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\wlan1.gif
[2012.01.25 11:42:49 | 000,127,758 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\problem.gif
[2012.01.25 11:40:26 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\IrfanView Thumbnails.lnk
[2012.01.25 11:40:26 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\IrfanView.lnk
[2012.01.24 14:15:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 13:28:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.24 13:28:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\statistics.dat
[2012.01.24 13:28:54 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.24 12:53:16 | 083,109,073 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ADawP.Dr.House.rar
[2012.01.24 12:52:27 | 070,418,432 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\HTV2_upanijsk(110225_144428).mpg
[2012.01.24 11:54:05 | 000,012,696 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\combofixlog.zip
[2012.01.24 11:19:13 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 00:41:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.23 18:13:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.23 18:13:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.23 18:13:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.23 18:13:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.23 18:13:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.17 11:57:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.16 10:38:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2011.09.27 16:42:36 | 000,044,832 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
[2011.05.30 05:55:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\{ACBFB8EE-A683-43AD-AC5B-B379A4A85257}
[2011.03.28 20:54:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.12.08 14:18:00 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\winscp.rnd
[2010.04.14 09:13:33 | 000,123,392 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 21:16:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.04.11 17:23:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.11 16:00:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.11 15:12:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.11 15:10:52 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.11 13:29:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.04.11 13:23:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,436,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,068,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.12.18 09:25:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.11.27 14:34:14 | 000,160,289 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007.02.06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2010.07.02 12:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
[2010.04.11 16:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012.01.26 14:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010.04.11 13:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010.04.12 13:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010.07.22 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.14 15:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\BSplayer PRO
[2010.04.14 10:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.04.11 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\ESET
[2012.01.26 15:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\f-secure
[2010.04.25 22:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\Facebook
[2011.03.07 21:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\uTorrent
========== Purity Check ==========
< End of report >
oldman960
2012-01-26, 18:25
Hi marko1234,
Everything ok now? If so we'll clean up the tools.
From your desktop, please delete, if present
any notepads/logs that we created
You can delete any files we saved to your flash drive. You can keep the xPUD CD, it may come in handy one day.
You can also delete GETxPUD.exe from your other computer's desktop.
Next
Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /uninstall
Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
I suggest you keep MBAM. Keep it updated and use it regularly.
Updates and upgrades
You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)
You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources. If you choose to install Foxit, decline the Foxit toolbar.
Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)
In either case you should uninstall Adobe Reader 9.4.1 first. Be sure to move any PDF documents to another folder first though.
Some Recommendations and prevention tips
Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have those.
You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.
- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.
OR
A guide to understanding and using the hosts file.
Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)
Please read the info on disabling the DNS Client before installing a custom hosts file.
-Secure your Internet Explorer
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us)(using Internet Explorer) and download and install all critical updates on a regular basis
- Make sure you have reset Automatic Updates to your chosen optionClick your start button > Control Panel > System > Updates tab
- Keep your antivirus program updated, as well as any other security programs you have.
-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)
Please post back if you have any problems.
Take care :adios:
marko1234
2012-01-26, 21:20
everything is working just fine... thanks a lot for your time and effort. This is my sisters laptop and she's quite a newbee about technical things. Ill try to explain too her what to avoid and not to use uTorrent. Im studying electronics so i know i thing or two about PCs etc. my desktop PC is clean as a whistle ;)
Again thanks a lot. Hope I don't need to bother you again. Take care my friend!
Adios ;)
oldman960
2012-01-27, 00:05
Hi marko1234,
You are more than welcome.
Take care, keep safe.
marko1234
2012-01-29, 23:10
hey oldman960
sorry to bother you again. my sister told me that she got a problem with laptop that used to happen to me while we were fixing it. sometimes when she turns it on, it boots up, icons show up but its frozen and when u hover over taskbar sand watch appears and it just stays like that till you shut it down (by force). after a few tries it boots up fine and works great (like it did 3 times i shut it down and turned back on). I assumed everything is okay and that everything is fixed. I guess my question is: Do you think that its still infected and can we try some other tests/scans to be sure?
Thanks
oldman960
2012-01-30, 02:23
Hi marko1234,
With malware it's possible we missed something.
Let's have a look.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, check scan all users
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lîk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
atapi.*
mrxsmb.*
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Next
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it
If asked to download the Avast definition database please do so.
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
Please post back with
both OTL logs
aswMBR log
mbr.zip (attached)
marko1234
2012-01-30, 22:41
Hi oldman960
the otl.txt log was too long for the post so I have attached it along with mbr.dat file
extras.txt
OTL Extras logfile created on: 30.1.2012 21:45:54 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy
895,23 Mb Total Physical Memory | 376,61 Mb Available Physical Memory | 42,07% Memory free
2,12 Gb Paging File | 1,64 Gb Available in Paging File | 77,62% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 33,68 Gb Free Space | 33,20% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,64 Gb Free Space | 7,23% Space Free | Partition Type: NTFS
Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Tea\Desktop\COD\Call of Duty 1.5 + United Offensive\Call of Duty\CoDUOMP.exe" = C:\Documents and Settings\Tea\Desktop\COD\Call of Duty 1.5 + United Offensive\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{11A7769F-6706-3191-9A9A-6B4AB0F56419}" = Catalyst Control Center Localization Norwegian
"{169F0A86-B4E2-E0D0-9623-4982A9C48C93}" = CCC Help Chinese Traditional
"{177775EF-DF8B-D947-0B51-D14ED1F836C5}" = Catalyst Control Center Localization Czech
"{183C2621-49ED-C3F3-6FFF-4807079E1AC0}" = CCC Help Thai
"{189DC77B-7B5B-0547-276B-C026EF0C757C}" = ccc-core-preinstall
"{1D8135C3-46FA-77E4-E645-405BD62DDAB9}" = Catalyst Control Center Localization Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209DC8F3-20D6-56D1-3EDA-04792A59589D}" = CCC Help Greek
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 30
"{2A0AF7BE-CB9C-D902-676E-B3DAEECB6B2D}" = Catalyst Control Center Localization Korean
"{2B9A8E7E-CDE6-D723-3521-B6D4784FFBEA}" = Catalyst Control Center Localization Japanese
"{2D0A84FC-2178-131A-7563-705200BDFF20}" = CCC Help Polish
"{2EE6086A-2926-66A7-2B60-42FB259D95B7}" = Catalyst Control Center Localization Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33B75044-54B4-5AB4-7A19-7B9D77BF2285}" = Catalyst Control Center Localization Greek
"{33E58EE4-0E59-0017-78D0-D56FD3594770}" = CCC Help Korean
"{342BE86B-31F5-6E7E-A1CB-87BA5272BC2C}" = Catalyst Control Center Localization Hungarian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{36807E1C-C7F5-CCF7-3617-F41837DECAF7}" = CCC Help Danish
"{3A8B8170-7321-E5FC-0047-74F9F5D21B25}" = Catalyst Control Center Localization Thai
"{3F93B2BA-18EC-462B-9ACD-396599353EE1}" = Catalyst Control Center - Branding
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D1E0AA2-3B34-6940-3663-0E255EFBBF63}" = CCC Help Portuguese
"{517459C1-A2C2-7641-AA71-4E7E98B5E8A9}" = CCC Help Spanish
"{53B35D1A-B93A-C389-409B-EEBC68D82861}" = Catalyst Control Center Core Implementation
"{540EA3CE-1229-5702-929D-A67E6331AC39}" = CCC Help Norwegian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A721E61-FBDE-9422-3C64-17D918C7196B}" = Catalyst Control Center Localization German
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F74F1E5-C4DF-7A18-3C11-A47382FFA660}" = CCC Help Swedish
"{611CB353-FEC0-1245-1859-B169344D1454}" = CCC Help Japanese
"{751CCF7A-CFF6-4A4B-9119-D4448D87B025}" = ESET Smart Security
"{77F38DEB-140F-0B24-52C4-6B385127CB1F}" = Catalyst Control Center Localization Finnish
"{79AAA8E0-B47C-EDAB-826E-C498AA4857CE}" = CCC Help Finnish
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89B65CDA-DC1B-C5B3-73DF-3CFF4A19A588}" = CCC Help German
"{8C74846F-56C1-7CA1-14BF-B7A87F7A0CA7}" = Catalyst Control Center Localization Dutch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907E8FCC-ACB6-8F7D-9930-8C95F1DC7D87}" = ccc-utility
"{90A2E630-72EA-3309-6B02-9307C795345C}" = CCC Help Russian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A00E6A54-A3B5-7FCD-5DBA-4BFAB5B2DBD7}" = Catalyst Control Center Localization Italian
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A21A1F07-8EE5-1DC3-74E5-73AF089B5722}" = Catalyst Control Center Localization Polish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A843E814-9178-6F3F-E821-9094D33128F5}" = Catalyst Control Center Graphics Full New
"{A893EF27-F743-D48F-3971-ABD33A2A0902}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0CBF76-BD8E-48C0-AE32-31684A629836}" = HP Broadband Wireless Modules
"{AA3D13A1-2373-6638-8398-FBDA07FAC464}" = CCC Help Turkish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF0EC284-33B6-9100-E851-B64FDC070429}" = Catalyst Control Center Localization French
"{B1463859-54D3-03C0-2D87-04D15A4B5D06}" = Catalyst Control Center Localization Chinese Traditional
"{B15AC518-1C5D-D41F-37CA-768851B11FAB}" = Catalyst Control Center Localization Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BC1584FD-B945-E401-7C34-929964DE9E24}" = CCC Help Chinese Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C443C2F5-CBEC-1299-3A60-6C3C9965EF5A}" = CCC Help Czech
"{C594294F-E38B-FB39-4C3B-E97EFCE3AC0D}" = Catalyst Control Center Localization Danish
"{C97636B2-42D2-C8C0-CDD8-4A323CF6BC5C}" = CCC Help Italian
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}" = HP PCMCIA Smart Card Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F7BFE-61D8-E7B8-6F99-F5E149B89051}" = Catalyst Control Center Localization Portuguese
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7BE4FF6-24E1-3E12-D6D0-C76F26F31327}" = Catalyst Control Center Graphics Light
"{DFDE44B2-4E88-9B2D-75B6-945635C665DF}" = Catalyst Control Center Localization Spanish
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E634B696-8333-8216-6415-86272864894F}" = ccc-core-static
"{E78A17B7-B3E7-045B-820D-5DCE2541DEBC}" = CCC Help English
"{E978DAC8-F978-B81D-0BA1-9A566A79A7A6}" = CCC Help Hungarian
"{E9A82610-AD0E-F189-1F41-95996BC15794}" = Catalyst Control Center Graphics Full Existing
"{EB36FA85-8004-D358-601C-542FE3A2A77C}" = CCC Help Dutch
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6F6B40D-6477-87E2-3899-AF53366D84D2}" = Catalyst Control Center Localization Chinese Standard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BSPlayerp" = BS.Player PRO
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 hr)" = Mozilla Firefox 9.0.1 (x86 hr)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PKR" = PKR
"Sweet Home 3D_is1" = Sweet Home 3D version 3.2
"Uninstall Tool_is1" = Uninstall Tool
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR arhiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.8.2011 4:21:22 | Computer Name = TEA-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x000039b0.
Error - 27.8.2011 17:04:20 | Computer Name = TEA-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, faulting module
jaucheck.exe, version 2.0.2.4, fault address 0x000039b0.
Error - 28.8.2011 15:04:33 | Computer Name = TEA-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 28.8.2011 15:04:33 | Computer Name = TEA-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 28.8.2011 15:04:33 | Computer Name = TEA-LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 29.8.2011 13:13:30 | Computer Name = TEA-LAPTOP | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 9.1 -- Setup has detected that you already have
a more functional product installed. Setup will now terminate.
[ System Events ]
Error - 25.1.2012 19:03:27 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 ehdrv Fips
Error - 26.1.2012 10:04:05 | Computer Name = TEA-LAPTOP | Source = F-Secure Standalone Minifilter | ID = 327681
Description =
Error - 30.1.2012 5:02:38 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
Error - 30.1.2012 5:06:35 | Computer Name = TEA-LAPTOP | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer2.
Error - 30.1.2012 5:08:55 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
Error - 30.1.2012 5:13:26 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
Error - 30.1.2012 5:16:47 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7038
Description = The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%5 To ensure
that the service is configured properly, use the Services snap-in in Microsoft Management
Console
(MMC).
Error - 30.1.2012 5:16:47 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Remote Registry service failed to start due to the following error:
%%1069
Error - 30.1.2012 5:22:55 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
Error - 30.1.2012 5:37:42 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.
< End of report >
[B]aswMBR.txt
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 22:00:14
-----------------------------
22:00:14.796 OS Version: Windows 5.1.2600 Service Pack 3
22:00:14.796 Number of processors: 2 586 0x6801
22:00:14.796 ComputerName: TEA-LAPTOP UserName: Tea
22:00:15.546 Initialize success
22:13:25.062 AVAST engine defs: 12013000
22:18:08.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:18:08.078 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7BP Size: 114473MB BusType: 3
22:18:08.093 Disk 0 MBR read successfully
22:18:08.093 Disk 0 MBR scan
22:18:08.218 Disk 0 Windows XP default MBR code
22:18:08.218 Disk 0 Partition - 00 0F Extended LBA 103873 MB offset 16065
22:18:08.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 8996 MB offset 212752384
22:18:08.281 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 103873 MB offset 16128
22:18:08.281 Disk 0 scanning sectors +231176192
22:18:08.375 Disk 0 scanning C:\WINDOWS\system32\drivers
22:18:21.828 Service scanning
22:18:22.093 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
22:18:22.984 Modules scanning
22:18:29.968 Disk 0 trace - called modules:
22:18:29.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x84afbd31]<<
22:18:29.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b61ab8]
22:18:29.984 3 CLASSPNP.SYS[f74dcfd7] -> nt!IofCallDriver -> \Device\00000085[0x84b6a030]
22:18:29.984 5 ACPI.sys[f7373620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84be8498]
22:18:30.687 AVAST engine scan C:\WINDOWS
22:18:44.484 AVAST engine scan C:\WINDOWS\system32
22:22:16.781 AVAST engine scan C:\WINDOWS\system32\drivers
22:22:35.906 AVAST engine scan C:\Documents and Settings\Tea
22:27:27.859 AVAST engine scan C:\Documents and Settings\All Users
22:28:07.687 Scan finished successfully
22:28:58.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tea\Desktop\MBR.dat"
22:28:58.812 The log file has been saved successfully to "C:\Documents and Settings\Tea\Desktop\aswMBR.txt"
p.s. also there was an option that is not visible on the screenshots your provided AV scan with a drop down box (default was quick scan, other options were c:/ ; [..] and (none)). I used default QUICK SCAN, just wanted to let you know.
oldman960
2012-01-31, 00:07
Hi
It does look like something may be there. Let's see if this will show us what.
Go HERE (http://www.gmer.net/) to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.
Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click on the file you downloaded. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
http://i582.photobucket.com/albums/ss269/Cat_Byte/GMER/gmer_th.gif (http://i582.photobucket.com/albums/ss269/Cat_Byte/GMER/gmer_screen2-1.gif)
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
If GMER will not run in normal windows, please run it in Safe Mode
marko1234
2012-01-31, 01:30
Here is the gmer log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-31 01:24:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC7BP
Running: bmefms5v.exe; Driver: C:\DOCUME~1\Tea\LOCALS~1\Temp\pwdoikog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xEB65B610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xEB65BC10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xEB65B730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xEB65B4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xEB65B570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xEB65B6D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xEB65B790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xEB65B690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xEB65B650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xEB65B7D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xEB65B510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xEB65B590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xEB65B4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xEB65B5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xEB65B750]
INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F68EC59A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F68EC655
---- Kernel code sections - GMER 1.0.15 ----
.text atapi.sys F72E7852 1 Byte [CC] {INT 3 }
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF676E000, 0x17D80E, 0xE8000020]
? C:\DOCUME~1\Tea\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1340] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:124] 84AAD161
Thread System [4:648] 83E8BC30
---- EOF - GMER 1.0.15 ----
p.s. hmmm I left it to scan, when i returned i found black screen, now im not sure if laptop went to standby or just turned off the monitor :( should i rerun the test?
marko1234
2012-01-31, 02:14
I redid the scan just to be sure so you can ignore the previous post. Here's the new log (although it seems the same too me)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-31 02:11:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC7BP
Running: bmefms5v.exe; Driver: C:\DOCUME~1\Tea\LOCALS~1\Temp\pwdoikog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xEB65B610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xEB65BC10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xEB65B730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xEB65B4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xEB65B570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xEB65B6D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xEB65B790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xEB65B690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xEB65B650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xEB65B7D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xEB65B510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xEB65B590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xEB65B4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xEB65B5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xEB65B750]
INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F68EC59A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F68EC655
---- Kernel code sections - GMER 1.0.15 ----
.text atapi.sys F72E7852 1 Byte [CC] {INT 3 }
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF676E000, 0x17D80E, 0xE8000020]
? C:\DOCUME~1\Tea\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1340] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:124] 84AAD161
Thread System [4:648] 83E8BC30
---- EOF - GMER 1.0.15 ----
oldman960
2012-01-31, 11:18
Hi marko1234,
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg
Click the Start Scan button.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg
If a suspicious object is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
marko1234
2012-01-31, 20:05
another problem that occurs... booting takes a whole lot of time. also while applying CURE while using kaspersky my antivirus nod32 popped up alerting me of a virus i was curing. dont know if that is a problem. I chose TAKE NO ACTION with nod32.
Here's the log you requested:
19:47:09.0500 3132 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
19:47:10.0734 3132 ============================================================
19:47:10.0734 3132 Current date / time: 2012/01/31 19:47:10.0734
19:47:10.0734 3132 SystemInfo:
19:47:10.0734 3132
19:47:10.0734 3132 OS Version: 5.1.2600 ServicePack: 3.0
19:47:10.0734 3132 Product type: Workstation
19:47:10.0734 3132 ComputerName: TEA-LAPTOP
19:47:10.0734 3132 UserName: Tea
19:47:10.0734 3132 Windows directory: C:\WINDOWS
19:47:10.0734 3132 System windows directory: C:\WINDOWS
19:47:10.0734 3132 Processor architecture: Intel x86
19:47:10.0734 3132 Number of processors: 2
19:47:10.0734 3132 Page size: 0x1000
19:47:10.0734 3132 Boot type: Normal boot
19:47:10.0734 3132 ============================================================
19:47:13.0250 3132 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:47:13.0250 3132 \Device\Harddisk0\DR0:
19:47:13.0250 3132 MBR used
19:47:13.0281 3132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xCAE0AFB
19:47:13.0281 3132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCAE5800, BlocksNum 0x1192000
19:47:13.0359 3132 Initialize success
19:47:13.0359 3132 ============================================================
19:47:37.0828 0352 ============================================================
19:47:37.0828 0352 Scan started
19:47:37.0828 0352 Mode: Manual; SigCheck; TDLFS;
19:47:37.0828 0352 ============================================================
19:47:38.0453 0352 Abiosdsk - ok
19:47:38.0828 0352 abp480n5 - ok
19:47:39.0328 0352 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:47:39.0390 0352 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
19:47:39.0390 0352 ACPI ( Virus.Win32.Rloader.a ) - infected
19:47:39.0390 0352 ACPI - detected Virus.Win32.Rloader.a (0)
19:47:39.0796 0352 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:47:47.0359 0352 ACPIEC - ok
19:47:47.0937 0352 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
19:47:48.0234 0352 ADIHdAudAddService - ok
19:47:48.0625 0352 adpu160m - ok
19:47:49.0093 0352 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
19:47:49.0171 0352 AEAudio - ok
19:47:49.0656 0352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:47:49.0953 0352 aec - ok
19:47:50.0468 0352 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:47:50.0625 0352 AFD - ok
19:47:51.0703 0352 AgereSoftModem (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:47:53.0406 0352 AgereSoftModem - ok
19:47:53.0812 0352 Aha154x - ok
19:47:54.0203 0352 aic78u2 - ok
19:47:54.0578 0352 aic78xx - ok
19:47:54.0937 0352 AliIde - ok
19:47:55.0343 0352 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
19:47:55.0390 0352 AmdK8 - ok
19:47:55.0734 0352 amsint - ok
19:47:56.0109 0352 asc - ok
19:47:56.0468 0352 asc3350p - ok
19:47:56.0828 0352 asc3550 - ok
19:47:57.0343 0352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:47:57.0562 0352 AsyncMac - ok
19:47:58.0046 0352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:47:58.0218 0352 atapi - ok
19:47:58.0625 0352 Atdisk - ok
19:48:00.0734 0352 ati2mtag (d0c00ee032994b698b47837a3561717a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:48:04.0250 0352 ati2mtag - ok
19:48:04.0765 0352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:48:05.0015 0352 Atmarpc - ok
19:48:05.0421 0352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:48:05.0593 0352 audstub - ok
19:48:06.0078 0352 b57w2k (133ad3794572bce689763a8356c7ed06) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
19:48:06.0250 0352 b57w2k - ok
19:48:07.0531 0352 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:48:09.0187 0352 BCM43XX - ok
19:48:09.0609 0352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:48:09.0812 0352 Beep - ok
19:48:10.0781 0352 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
19:48:11.0859 0352 BTKRNL - ok
19:48:12.0390 0352 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
19:48:12.0734 0352 BTWUSB - ok
19:48:13.0125 0352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:48:13.0328 0352 cbidf2k - ok
19:48:13.0718 0352 cd20xrnt - ok
19:48:14.0125 0352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:48:14.0312 0352 Cdaudio - ok
19:48:14.0781 0352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:48:15.0046 0352 Cdfs - ok
19:48:15.0500 0352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:48:15.0718 0352 Cdrom - ok
19:48:16.0125 0352 Changer - ok
19:48:16.0515 0352 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:48:16.0718 0352 CmBatt - ok
19:48:17.0109 0352 CmdIde - ok
19:48:17.0515 0352 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:48:17.0703 0352 Compbatt - ok
19:48:18.0125 0352 Cpqarray - ok
19:48:18.0515 0352 dac2w2k - ok
19:48:18.0859 0352 dac960nt - ok
19:48:19.0281 0352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:48:19.0500 0352 Disk - ok
19:48:20.0437 0352 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:48:21.0437 0352 dmboot - ok
19:48:22.0031 0352 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:48:22.0515 0352 dmio - ok
19:48:22.0890 0352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:48:23.0093 0352 dmload - ok
19:48:23.0515 0352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:48:23.0734 0352 DMusic - ok
19:48:24.0218 0352 dpti2o - ok
19:48:24.0593 0352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:48:24.0765 0352 drmkaud - ok
19:48:25.0250 0352 eamon (55e754e04c09daf19fc0054e72713d80) C:\WINDOWS\system32\DRIVERS\eamon.sys
19:48:25.0406 0352 eamon - ok
19:48:25.0843 0352 ehdrv (6f2441c26d74bde88c25e240a2720eeb) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
19:48:25.0937 0352 ehdrv - ok
19:48:26.0406 0352 epfw (93aa9cef77315a0866f8307195de416d) C:\WINDOWS\system32\DRIVERS\epfw.sys
19:48:26.0531 0352 epfw - ok
19:48:26.0937 0352 Epfwndis (7946b41daeb3e610742ff01a6d2d61b2) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
19:48:26.0984 0352 Epfwndis - ok
19:48:27.0453 0352 epfwtdi (f38059a07393a8c56bae8ff7ee0c3128) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
19:48:27.0515 0352 epfwtdi - ok
19:48:28.0046 0352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:48:28.0343 0352 Fastfat - ok
19:48:28.0828 0352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
19:48:29.0062 0352 Fdc - ok
19:48:29.0500 0352 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:48:29.0703 0352 Fips - ok
19:48:30.0156 0352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:48:30.0375 0352 Flpydisk - ok
19:48:30.0843 0352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:48:31.0109 0352 FltMgr - ok
19:48:31.0500 0352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:48:31.0703 0352 Fs_Rec - ok
19:48:32.0218 0352 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:48:32.0578 0352 Ftdisk - ok
19:48:32.0984 0352 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:48:33.0015 0352 GEARAspiWDM - ok
19:48:33.0421 0352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:48:33.0656 0352 Gpc - ok
19:48:34.0078 0352 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
19:48:34.0140 0352 HBtnKey - ok
19:48:34.0671 0352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:48:34.0890 0352 HDAudBus - ok
19:48:35.0296 0352 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:48:35.0484 0352 HidUsb - ok
19:48:35.0921 0352 HP24X (362d8e46b618649591de2a5c2f0e58e1) C:\WINDOWS\system32\DRIVERS\HP24X.sys
19:48:35.0984 0352 HP24X - ok
19:48:36.0390 0352 hpn - ok
19:48:36.0937 0352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:48:37.0203 0352 HTTP - ok
19:48:37.0609 0352 i2omgmt - ok
19:48:37.0968 0352 i2omp - ok
19:48:38.0390 0352 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:48:38.0609 0352 i8042prt - ok
19:48:39.0078 0352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:48:39.0296 0352 Imapi - ok
19:48:39.0703 0352 ini910u - ok
19:48:40.0078 0352 IntelIde - ok
19:48:40.0500 0352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:48:40.0734 0352 Ip6Fw - ok
19:48:41.0156 0352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:48:41.0312 0352 IpFilterDriver - ok
19:48:41.0828 0352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:48:42.0031 0352 IpInIp - ok
19:48:42.0562 0352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:48:42.0875 0352 IpNat - ok
19:48:43.0312 0352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:48:43.0546 0352 IPSec - ok
19:48:44.0031 0352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:48:44.0109 0352 IRENUM - ok
19:48:44.0531 0352 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:48:44.0750 0352 isapnp - ok
19:48:45.0156 0352 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:48:45.0359 0352 Kbdclass - ok
19:48:45.0812 0352 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:48:46.0000 0352 kbdhid - ok
19:48:46.0500 0352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:48:46.0781 0352 kmixer - ok
19:48:47.0218 0352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:48:47.0390 0352 KSecDD - ok
19:48:47.0796 0352 lbrtfdc - ok
19:48:48.0203 0352 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
19:48:48.0218 0352 MBAMProtector - ok
19:48:48.0625 0352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:48:48.0812 0352 mnmdd - ok
19:48:49.0218 0352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:48:49.0437 0352 Modem - ok
19:48:49.0953 0352 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:48:50.0156 0352 Mouclass - ok
19:48:50.0546 0352 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:48:50.0765 0352 mouhid - ok
19:48:51.0187 0352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:48:51.0390 0352 MountMgr - ok
19:48:51.0781 0352 mraid35x - ok
19:48:52.0312 0352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:48:52.0718 0352 MRxDAV - ok
19:48:53.0375 0352 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:48:53.0921 0352 MRxSmb - ok
19:48:54.0375 0352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:48:54.0562 0352 Msfs - ok
19:48:54.0968 0352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:48:55.0187 0352 MSKSSRV - ok
19:48:55.0546 0352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:48:55.0750 0352 MSPCLOCK - ok
19:48:56.0187 0352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:48:56.0375 0352 MSPQM - ok
19:48:56.0781 0352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:48:56.0953 0352 mssmbios - ok
19:48:57.0437 0352 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:48:57.0578 0352 Mup - ok
19:48:58.0109 0352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:48:58.0375 0352 NDIS - ok
19:48:58.0781 0352 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:48:58.0843 0352 NdisTapi - ok
19:48:59.0296 0352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:48:59.0484 0352 Ndisuio - ok
19:48:59.0937 0352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:49:00.0234 0352 NdisWan - ok
19:49:00.0687 0352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:49:00.0781 0352 NDProxy - ok
19:49:01.0203 0352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:49:01.0421 0352 NetBIOS - ok
19:49:01.0968 0352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:49:02.0468 0352 NetBT - ok
19:49:02.0875 0352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:49:03.0078 0352 Npfs - ok
19:49:03.0812 0352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:49:04.0500 0352 Ntfs - ok
19:49:04.0968 0352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:49:05.0156 0352 Null - ok
19:49:05.0546 0352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:49:05.0750 0352 NwlnkFlt - ok
19:49:06.0140 0352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:49:06.0343 0352 NwlnkFwd - ok
19:49:06.0812 0352 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:49:07.0078 0352 Parport - ok
19:49:07.0468 0352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:49:07.0640 0352 PartMgr - ok
19:49:08.0031 0352 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:49:08.0234 0352 ParVdm - ok
19:49:08.0687 0352 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:49:08.0937 0352 PCI - ok
19:49:09.0296 0352 PCIDump - ok
19:49:09.0687 0352 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:49:09.0921 0352 PCIIde - ok
19:49:10.0421 0352 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:49:10.0687 0352 Pcmcia - ok
19:49:11.0109 0352 PDCOMP - ok
19:49:11.0468 0352 PDFRAME - ok
19:49:11.0828 0352 PDRELI - ok
19:49:12.0187 0352 PDRFRAME - ok
19:49:12.0656 0352 perc2 - ok
19:49:13.0125 0352 perc2hib - ok
19:49:13.0593 0352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:49:13.0812 0352 PptpMiniport - ok
19:49:14.0218 0352 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:49:14.0421 0352 Processor - ok
19:49:14.0906 0352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:49:15.0156 0352 PSched - ok
19:49:15.0546 0352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:49:15.0734 0352 Ptilink - ok
19:49:16.0171 0352 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:49:16.0218 0352 PxHelp20 - ok
19:49:16.0578 0352 ql1080 - ok
19:49:16.0937 0352 Ql10wnt - ok
19:49:17.0296 0352 ql12160 - ok
19:49:17.0656 0352 ql1240 - ok
19:49:18.0015 0352 ql1280 - ok
19:49:18.0406 0352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:49:18.0593 0352 RasAcd - ok
19:49:19.0062 0352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:49:19.0296 0352 Rasl2tp - ok
19:49:19.0687 0352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:49:19.0921 0352 RasPppoe - ok
19:49:20.0296 0352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:49:20.0500 0352 Raspti - ok
19:49:20.0984 0352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:49:21.0328 0352 Rdbss - ok
19:49:21.0750 0352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:49:21.0921 0352 RDPCDD - ok
19:49:22.0500 0352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:49:22.0937 0352 rdpdr - ok
19:49:23.0421 0352 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:49:23.0609 0352 RDPWD - ok
19:49:24.0109 0352 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:49:24.0328 0352 redbook - ok
19:49:24.0781 0352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:49:24.0906 0352 Secdrv - ok
19:49:25.0390 0352 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:49:25.0625 0352 Serial - ok
19:49:26.0046 0352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:49:26.0234 0352 Sfloppy - ok
19:49:26.0609 0352 Simbad - ok
19:49:26.0968 0352 Sparrow - ok
19:49:27.0375 0352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:49:27.0562 0352 splitter - ok
19:49:28.0078 0352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:49:28.0218 0352 sr - ok
19:49:28.0812 0352 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:49:29.0265 0352 Srv - ok
19:49:29.0703 0352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:49:29.0875 0352 swenum - ok
19:49:30.0312 0352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:49:30.0578 0352 swmidi - ok
19:49:30.0984 0352 symc810 - ok
19:49:31.0343 0352 symc8xx - ok
19:49:31.0703 0352 sym_hi - ok
19:49:32.0062 0352 sym_u3 - ok
19:49:32.0531 0352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:49:32.0859 0352 sysaudio - ok
19:49:33.0484 0352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:49:34.0000 0352 Tcpip - ok
19:49:34.0421 0352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:49:34.0625 0352 TDPIPE - ok
19:49:35.0015 0352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:49:35.0203 0352 TDTCP - ok
19:49:35.0625 0352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:49:35.0875 0352 TermDD - ok
19:49:36.0281 0352 TosIde - ok
19:49:36.0718 0352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:49:36.0984 0352 Udfs - ok
19:49:37.0390 0352 ultra - ok
19:49:38.0000 0352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:49:38.0578 0352 Update - ok
19:49:39.0000 0352 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:49:39.0109 0352 USBAAPL - ok
19:49:39.0531 0352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:49:39.0750 0352 usbccgp - ok
19:49:40.0250 0352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:49:40.0468 0352 usbehci - ok
19:49:40.0921 0352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:49:41.0140 0352 usbhub - ok
19:49:41.0531 0352 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:49:41.0734 0352 usbohci - ok
19:49:42.0250 0352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:49:42.0734 0352 usbscan - ok
19:49:43.0156 0352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:49:43.0343 0352 USBSTOR - ok
19:49:43.0828 0352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:49:44.0031 0352 VgaSave - ok
19:49:44.0406 0352 ViaIde - ok
19:49:44.0812 0352 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:49:45.0062 0352 VolSnap - ok
19:49:45.0531 0352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:49:45.0750 0352 Wanarp - ok
19:49:46.0125 0352 WDICA - ok
19:49:46.0578 0352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:49:46.0796 0352 wdmaud - ok
19:49:47.0296 0352 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:49:47.0468 0352 WmiAcpi - ok
19:49:47.0875 0352 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:49:48.0078 0352 WS2IFSL - ok
19:49:48.0125 0352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:49:48.0640 0352 \Device\Harddisk0\DR0 - ok
19:49:48.0656 0352 Boot (0x1200) (96852dd8a09164cfbd067444d793afaf) \Device\Harddisk0\DR0\Partition0
19:49:48.0656 0352 \Device\Harddisk0\DR0\Partition0 - ok
19:49:48.0656 0352 Boot (0x1200) (cdf10a52227489d9e2636720e1ff5a4b) \Device\Harddisk0\DR0\Partition1
19:49:48.0656 0352 \Device\Harddisk0\DR0\Partition1 - ok
19:49:48.0671 0352 ============================================================
19:49:48.0671 0352 Scan finished
19:49:48.0671 0352 ============================================================
19:49:48.0812 0336 Detected object count: 1
19:49:48.0812 0336 Actual detected object count: 1
19:50:28.0062 0336 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
19:50:38.0875 0336 Backup copy found, using it..
19:50:39.0281 0336 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
19:50:39.0281 0336 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
19:50:46.0828 2412 Deinitialize success
oldman960
2012-02-01, 01:15
Hi marko1234,
19:47:39.0328 0352 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:47:39.0390 0352 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
19:47:39.0390 0352 ACPI ( Virus.Win32.Rloader.a ) - infected
19:47:39.0390 0352 ACPI - detected Virus.Win32.Rloader.a (0)
Looks like we got it. Nod probably noticed while TDSSK was moving it.
Please run aswMBR again this time with the additional scan.Disable Nod first.
marko1234
2012-02-06, 23:16
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 22:37:11
-----------------------------
22:37:11.406 OS Version: Windows 5.1.2600 Service Pack 3
22:37:11.406 Number of processors: 2 586 0x6801
22:37:11.406 ComputerName: TEA-LAPTOP UserName: Tea
22:37:13.812 Initialize success
22:37:45.453 AVAST engine defs: 12020601
22:37:51.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:37:51.750 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7BP Size: 114473MB BusType: 3
22:37:51.843 Disk 0 MBR read successfully
22:37:51.843 Disk 0 MBR scan
22:37:52.312 Disk 0 Windows XP default MBR code
22:37:52.312 Disk 0 Partition - 00 0F Extended LBA 103873 MB offset 16065
22:37:52.359 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 8996 MB offset 212752384
22:37:52.500 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 103873 MB offset 16128
22:37:52.656 Disk 0 scanning sectors +231176192
22:37:53.343 Disk 0 scanning C:\WINDOWS\system32\drivers
22:38:30.796 Service scanning
22:38:34.640 Modules scanning
22:39:07.421 Disk 0 trace - called modules:
22:39:07.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
22:39:07.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b19ab8]
22:39:07.437 3 CLASSPNP.SYS[f74dcfd7] -> nt!IofCallDriver -> \Device\00000085[0x84a943b8]
22:39:07.437 5 ACPI.sys[f7373620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b5bd98]
22:39:09.765 AVAST engine scan C:\WINDOWS
22:39:40.125 AVAST engine scan C:\WINDOWS\system32
22:55:29.187 AVAST engine scan C:\WINDOWS\system32\drivers
22:56:17.671 AVAST engine scan C:\Documents and Settings\Tea
23:08:37.656 AVAST engine scan C:\Documents and Settings\All Users
23:09:45.765 Scan finished successfully
23:10:13.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tea\Desktop\MBR.dat"
23:10:13.812 The log file has been saved successfully to "C:\Documents and Settings\Tea\Desktop\aswMBR.txt"
I've scanned the laptop with aswmbr [quickscan]... laptop is still very bad...
takes a while to boot and still sometimes when u turn it on it doesnt work, cant do anything, sand watch appears and doesnt go away... :( i think this laptop is beyond repair :( anything else i could do or is windows reinstall only thing that will help? sorry for the late answer.
oldman960
2012-02-07, 04:56
Hi marko1234,
Now that we have fixed that driver perhaps another run of combofix may turn something up. The driver may have been hidding something.
Please read through the instructions to familarize youself with what to expect when the tool runs.
Please download ComboFix from Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)or Link 2 (http://www.infospyware.net/antimalware/combofix/) to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files".
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
[list]
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.[/b]
Please post back with[LIST]
combofix log
How is the computer?
marko1234
2012-02-11, 20:25
Hi oldman960
Here's the log you requested
ComboFix 12-02-11.02 - Tea 11.02.2012 19:53:35.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.895.281 [GMT 1:00]
Running from: c:\documents and settings\Tea\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_log_trash.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-01-31 18:50 . 2012-01-31 18:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-26 20:23 . 2012-01-26 20:23 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-26 14:01 . 2012-01-26 14:01 -------- d-----w- c:\documents and settings\Tea\Application Data\f-secure
2012-01-26 13:59 . 2012-01-26 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2012-01-26 11:22 . 2007-02-14 13:21 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2012-01-26 11:22 . 2007-02-14 13:21 30285 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2012-01-26 11:22 . 2007-02-14 13:20 868298 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2012-01-26 11:22 . 2007-02-14 13:20 47907 ----a-w- c:\windows\system32\drivers\btwhid.sys
2012-01-26 11:22 . 2007-02-14 13:20 30459 ----a-w- c:\windows\system32\drivers\btport.sys
2012-01-26 11:22 . 2007-02-14 13:20 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2012-01-26 11:22 . 2007-02-14 13:20 530861 ----a-w- c:\windows\system32\drivers\btaudio.sys
2012-01-25 10:40 . 2012-01-25 10:40 -------- d-----w- c:\program files\IrfanView
2012-01-24 13:16 . 2012-01-24 13:16 -------- d-----w- c:\documents and settings\Tea\Application Data\Malwarebytes
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 13:15 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 12:35 . 2012-01-24 12:35 -------- d-----w- c:\program files\Common Files\Java
2012-01-24 11:58 . 2012-01-24 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-01-23 23:41 . 2012-02-11 18:14 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-23 23:41 . 2012-01-23 23:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-23 23:41 . 2012-01-23 23:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-23 23:41 . 2012-02-11 18:14 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-01-23 23:41 . 2012-02-11 18:14 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-01-23 23:41 . 2012-02-11 18:14 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-01-23 23:41 . 2012-02-11 18:14 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-01-23 23:41 . 2012-02-11 18:14 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-01-23 23:41 . 2012-02-11 18:14 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-23 23:41 . 2012-01-23 23:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-23 23:41 . 2012-01-23 23:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-23 23:41 . 2012-01-23 23:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-23 10:33 . 2012-01-23 10:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-17 10:57 . 2012-01-17 10:57 -------- d-----w- c:\program files\ERUNT
2012-01-17 01:49 . 2012-01-17 01:49 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 18:51 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-01-26 00:49 . 2010-04-11 14:33 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-11 18:14 . 2012-01-23 23:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-22 2140880]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Tea\\Desktop\\COD\\Call of Duty 1.5 + United Offensive\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [22.2.2010 15:50 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.2.2010 15:50 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24.1.2012 14:15 652872]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4.12.2006 15:13 292384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24.1.2012 14:15 20464]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2010 17:31 135664]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2010 17:31 135664]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [17.7.2007 0:24 35072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:31]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-60101761.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-02-11 20:10:42
ComboFix-quarantined-files.txt 2012-02-11 19:10
.
Pre-Run: 89.581.780.992 bytes free
Post-Run: 90.097.799.168 bytes free
.
- - End Of File - - BA206C6117DCBD4BD7DB8986535DA776
laptop is still really bad. just that windows XP logo when booting stays there for a few minutes, not to mention the actual time until laptop is finally operable. any more ideas?
oldman960
2012-02-11, 21:18
Hi marko1234,
I'm not seeing anything out of the ordinary in the logs. Is backimg up and reinstalling windows an option?
marko1234
2012-02-11, 21:34
yeah, it is. I mean I told my sister to back the photos and rest of the documents she needs to an usb so I think ill reinstall windows now. anyways thanks a lot for all your time and help. sorry i bothered you ;)
p.s. I have one question and i was wondering if you could help me... I will stick that usb with all the backup in my pc but i was wondering is there some way i could prevent infecting my PC. I have disabled auto run and just scan the usb with my nod32. Just wondering is that enough? thanks in advance
oldman960
2012-02-11, 23:07
Hi marko1234,
That should be enough if autorun has been disabled. What is the operating system of your computer, there may be a tool available to use on both your computer and the usb device.
marko1234
2012-02-11, 23:09
I'm still on windowsXP... old pc :)
oldman960
2012-02-12, 09:26
Hi marko1234,
You can run this on the computer while the usb device is attached. There isn't a user interface, you might see a brief black flash on your screen when it runs.
Download Flash_Disinfector.exe (http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe) by sUBs(and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive anl/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
oldman960
2012-03-13, 22:44
Since this issue appears to be resolved ... this Topic has been closed.