Infected (sirefef.ch and maybe not only that)

I'm having serious and annoying problems with my laptop ... I've just restarted it for the 10th time and now finally my wlan is working... don't know why. But when I shut it down and turn it on, my wlan is off, the laptop isn't detecting usb drives, and sometimes I can't even shut it down (start->shutdown/restart), so I have to shut it down by force. Then after a lot of shutdowns, one time it works :/

ComboFix-quarantined-files.txt
2012-01-24 10:32:27 . 2012-01-24 10:32:27 43,805 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\__.zip
2012-01-24 10:30:52 . 2012-01-24 10:30:52 14,378 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_zyrljehhlem9.reg.dat
2012-01-24 10:30:52 . 2012-01-24 10:30:52 1,340 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ZYRLJEHHLEM9.reg.dat
2012-01-24 10:27:09 . 2012-01-24 10:27:09 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-01-23 17:37:25 . 2012-01-23 17:37:25 178 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Internet Security 2012.reg.dat
2012-01-23 17:37:25 . 2012-01-23 17:37:25 152 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-uTorrent.reg.dat
2012-01-23 17:32:40 . 2011-10-25 06:09:02 90 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2012-01-23 17:29:33 . 2012-01-23 17:29:33 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\_1299035141_.zip
2012-01-23 17:29:29 . 2012-01-23 17:29:29 3,676 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_qbposdbservices.reg.dat
2012-01-23 17:29:29 . 2012-01-23 17:29:29 1,138 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_qbposdbservices.reg.dat
2012-01-23 17:28:22 . 2012-01-24 10:30:46 6,417 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-01-23 17:17:42 . 2012-01-23 17:17:42 1,140 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\_loader_.tlb.zip
2012-01-23 17:13:18 . 2012-01-24 10:32:28 1,282 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-01-23 03:21:05 . 2012-01-23 03:21:06 819,712 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\isecurity.exe.vir
2012-01-12 22:13:38 . 2012-01-16 09:38:09 73,728 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@80000000.vir
2012-01-12 07:42:22 . 2012-01-23 17:06:54 2,632 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\loader.tlb.vir
2012-01-11 22:56:20 . 2012-01-11 22:56:20 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\@.vir
2012-01-11 22:56:20 . 2012-01-11 22:56:20 455,936 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\L\ouevqxqi.vir
2012-01-11 22:56:18 . 2012-01-11 22:56:23 72,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\zyrljehhlem9.sys.vir
2012-01-10 20:51:45 . 2012-01-16 09:37:34 3,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\U\000000c0.@.vir
2012-01-05 16:17:46 . 2012-01-12 07:42:22 31,232 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@800000cf.vir
2012-01-05 16:03:47 . 2012-01-12 07:41:09 3,072 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@000000c0.vir
2012-01-05 15:16:16 . 2012-01-12 07:41:46 24,064 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@800000cb.vir
2011-11-19 19:11:25 . 2012-01-12 07:41:23 32,768 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@800000c0.vir
2011-09-30 00:34:34 . 2012-01-12 07:47:23 3,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\U\000000cb.@.vir
2011-09-30 00:34:34 . 2012-01-12 07:41:10 3,072 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@000000cb.vir
2011-09-10 14:59:36 . 2012-01-12 07:41:04 45,968 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@00000001.vir
2011-09-09 19:03:00 . 2012-01-12 07:52:32 1,536 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Tea\Local Settings\Application Data\f1d3e147\U\000000cf.@.vir
2011-09-09 19:03:00 . 2012-01-12 07:41:10 1,536 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB61291$\4057194823\U\@000000cf.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 5,120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\isdrv120.dll.vir

OTL fix log
All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 11812 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 9926299 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 540806 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Tea
->Temp folder emptied: 295358790 bytes
->Temporary Internet Files folder emptied: 164668 bytes
->Java cache emptied: 99595 bytes
->FireFox cache emptied: 44140371 bytes
->Google Chrome cache emptied: 56614008 bytes
->Flash cache emptied: 123835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2408052 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52056 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 267855 bytes
RecycleBin emptied: 71434910 bytes

Total Files Cleaned = 460,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01242012_140700

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

MBAM log
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Tea :: TEA-LAPTOP [administrator]

Protection: Enabled

24.1.2012 14:17:57
mbam-log-2012-01-24 (14-17-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181455
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\srenum (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Hi

Sorry you are having problems. As mentioned, you have/had several infections. At which point did you notice the usb and wlan problem?

We may have only removed part of one.

Here's the link to VirusTotal

Please submit this file

C:\Windows\System32\drivers\ndisrd.sys

After the scan is complete and the results saved see if you have any luck submitting this one:

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\__.zip


Next

We need to manually submit a file.

Please visit this site (Bleeping Computers) and follow the instructions for uploading the file.

In the top box please copy and paste the text in the following code box

Code:
http://forums.spybot.info/showthread.php?t=64950&page=3

Use the browse button to navigate to the following file

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\__.zip



In the bottom box type oldman960.

Click Send File

Please post back with the VirusTotal results and let me know if you were able to submit the file at Bleeping Computers.

Thanks
 
Well, the first time I noticed problems with wlan and usb was after that first ComboFix use. Here are the results from VirusTotal:

Virustotal results for C:\Windows\System32\drivers\ndisrd.sys
SHA256: d359582ca1f00134dc049201be48e2f2d9df81b8e19f77c74d9ba73db6b21b15
SHA1: 613843dabaa2c42413879b5848dd43b0ff691c1a
MD5: 1359b200974395679b092f1d5f63cfa9
File size: 20.0 KB ( 20480 bytes )
File type: Win32 EXE
Detection ratio: 0 / 43
Analysis date: 2012-01-24 18:00:26 UTC ( 0 minutes ago )

Virustotal results for C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\__.zip

Try with this link https://www.virustotal.com/file/375...4eb26405737dc1b842b7db42/analysis/1327428150/

In case you can't see it, scroll down; I've copy-pasted it but it's messy :(
SHA256: 37591e988f0877dae2d30e580122e0153b99ee8f4eb26405737dc1b842b7db42
SHA1: 1f7f4dd6f8b20fa0ec250327f7a119a03b2550d8
MD5: 550b64c29a791e3d56ae83bf6664acea
File size: 42.8 KB ( 43805 bytes )
File type: ZIP
Detection ratio: 27 / 43
Analysis date: 2012-01-24 18:02:30 UTC ( 2 minutes ago )
Antivirus Result Update
AhnLab-V3 - 20120122
AntiVir TR/Offend.6950063 20120123
Antiy-AVL - 20120121
Avast Win32:Rootkit-gen [Rtk] 20120123
AVG BackDoor.Generic14.AVFI 20120123
BitDefender Trojan.Generic.6950062 20120123
ByteHero - 20120123
CAT-QuickHeal - 20120123
ClamAV - 20120123
Commtouch W32/SYStroj.AR.gen!Eldorado 20120123
Comodo TrojWare.Win32.Rootkit.ZAccess.NA 20120123
DrWeb Trojan.MulDrop3.10059 20120124
Emsisoft Trojan.SuspectCRC!IK 20120123
eSafe - 20120123
eTrust-Vet Win32/Mushka.A!genus 20120123
F-Prot W32/SYStroj.AR.gen!Eldorado 20120123
F-Secure Trojan.Generic.6950062 20120123
Fortinet W32/Agent.NVG!tr 20120124
GData Trojan.Generic.6950062 20120123
Ikarus Trojan.SuspectCRC 20120123
Jiangmin Rootkit.Agent.opa 20120123
K7AntiVirus Riskware 20120123
Kaspersky HEUR:Trojan.Win32.Generic 20120124
McAfee Generic Rootkit.af 20120121
McAfee-GW-Edition Generic Rootkit.af 20120124
Microsoft Trojan:WinNT/Mushka.A 20120123
NOD32 a variant of Win32/Rootkit.Agent.NVG 20120123
Norman - 20120123
nProtect - 20120123
Panda Generic Malware 20120123
PCTools - 20120123
Prevx - 20120124
Rising - 20120118
Sophos Mal/Tent-A 20120123
SUPERAntiSpyware - 20120123
Symantec - 20120124
TheHacker Trojan/Agent.nvg 20120123
TrendMicro - 20120123
TrendMicro-HouseCall - 20120124
VBA32 Rootkit.Agent.bqmi 20120123
VIPRE Trojan.Win32.Biscker (v) 20120123
ViRobot - 20120123
VirusBuster Rootkit.Agent!gDu3VCAnKAU 20120123

I have successfully submitted the file to Bleeping Computers.
 
Hi marko1234,

When you say XP doesn't see the usb, do you mean it doesn't see the ports at all or just doesn't see the device? What happens when you plug a usb device in?

Click start > right click
  • click properties
  • click Hardware tab
  • click device manager
Any yellow ! marks?

Are the usb ports listed under Universal Serial Bus controllers?

You said you needed to download and reinstall your wlan driver. What was the file name and where did you download it from?
 
I have attached 3 screenshots since I find it easier than trying to explain it with words.

Problem.gif - answers most of the questions you asked.
wlan1.gif - when i double click on Broadcom 802.11 multiband... it shows NO DRIVER installed and when you look at
wlan2.gif - when i click on DRIVER tab, you can see the driver IS installed.

The wlan driver I downloaded had the name sp37950.exe and I downloaded it from http://driverscollection.com/?H=Compaq 6715s&By=HP&SS=Windows XP (third one from the top).

P.S. The problem is still there but I found an ugly solution. Every time I restart/shut down and the laptop finishes booting up, my WLAN is not working, usb is not detected (tried two different USB flash drives on two different ports) and most of the time my laptop freezes when it boots, meaning I can't click anything and when I hover with my mouse over the START button (and the whole taskbar) I get that BUSY sandwatch. The only "fix" that has worked so far (tried two times, both successful) is pressing the button on my laptop that is used to turn WLAN on/off asap while booting. The blue LED goes off and when the laptop finishes booting I press it again to turn it on and it works :/
Sorry for this messy explanation but I can't describe it any better :(
 
Hi marko1234,

I'm not sure if you have the correct drivers. The one you downloaded, when I followed the link to the file, seems to indicate that it's for the HP Compaq 6715s Notebook PC. However, the HP site says differently. The files for that model can be found HERE. The file name is different from what you posted.

What is the model and number of your laptop? There should be a label on the bottom or under the battery.
 
I have downloaded the driver from the link you gave me and wlan worked just fine when I shut it down and turned it back on. I was rly happy and thought we succeeded. Then I thought to myself, I'll try again just to be sure. Restarted and, to my disappointment, same old story: wlan not working (problem1.gif from the last post), usb failing, can't shut down normally. Some mean ass virus/trojan :(
Is a Windows reinstall my only option or ...?
 
And yeah my laptop model is Compaq 6715s. really stupid that google gives you that bulls**t site as a first result when you google "HP compaq 6715s wlan driver"
 
Oh and btw, after 10 forced shutdowns I didn't get the wlan to work. I'm currently using safe mode with networking and wlan is working (obviously). Just wanted to let you know.
 
Hi marko1234,

Did you uninstall the old drivers first?

Let's get another OTL log.

Please run this in Normal Windows as it will show the state of the services plus the running processes that will not be running in safe mode. You can save the logs then boot back to Safe Mode with Networking to post the logs.



  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output
  • Check the box beside "scan all users"
  • In the Extra Registry section change it to All
  • Uncheck the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following


    netsvcs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    /md5start
    consrv.*
    winsrv.*
    ndisrd.*
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
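What the SubSystems line in the custom scan above lets a helper check, as an added example that is not part of the original post or of OTL: the `Windows` value under that key names the server DLLs that csrss.exe loads, and some ZeroAccess/Sirefef variants replaced a `winsrv` entry there with `consrv`. The sample values are constructed, and the expected DLL set assumes a stock Windows XP install.

```python
import re

# Server DLLs csrss.exe loads on a stock Windows XP install (assumption for
# this example; later Windows versions list additional modules such as sxssrv).
EXPECTED_SERVER_DLLS = frozenset({"basesrv", "winsrv"})
EXPECTED_HOST = r"%systemroot%\system32\csrss.exe"

# Constructed sample: the default XP "Windows" value under
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,3072,512 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off "
    "MaxRequestThreads=16"
)

# Constructed sample of a tampered value: the console server entry points at
# consrv instead of winsrv.
TAMPERED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization",
    "ServerDll=consrv:ConServerDllInitialization",
)

# ServerDll=<module>[:<init routine>][,<server index>]
SERVER_DLL_RE = re.compile(
    r"ServerDll=([^\s:,]+)(?::([^\s,]+))?(?:,(\d+))?", re.IGNORECASE
)


def parse_server_dlls(value):
    """Return (module, init_routine, server_index) for each ServerDll entry."""
    return [
        (m.group(1).lower(), m.group(2), m.group(3))
        for m in SERVER_DLL_RE.finditer(value)
    ]


def audit_subsystems_value(value, expected=EXPECTED_SERVER_DLLS):
    """Return a list of findings; an empty list means nothing unexpected."""
    findings = []

    # The first token is the executable that hosts the Windows subsystem.
    tokens = value.split()
    host = tokens[0] if tokens else ""
    if host.lower() != EXPECTED_HOST:
        findings.append("unexpected subsystem host: %r" % host)

    entries = parse_server_dlls(value)
    if not entries:
        findings.append("no ServerDll entries found (value missing or truncated)")

    # Any module outside the expected set is worth a closer look and a hash.
    for module, routine, _index in entries:
        if module not in expected:
            findings.append(
                "unexpected ServerDll module %r (init routine %r)" % (module, routine)
            )

    # A missing stock module is also a change from the default value.
    present = {module for module, _routine, _index in entries}
    for module in sorted(expected - present):
        findings.append("expected ServerDll %r is missing" % module)

    return findings


if __name__ == "__main__":
    for label, value in (("clean", CLEAN_VALUE), ("tampered", TAMPERED_VALUE)):
        print(label, audit_subsystems_value(value) or "OK")
```

A flagged module is a reason to hash the named DLL and inspect the key further, which is what the `/md5start` block in the scan collects; it is not by itself a removal instruction.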
 
OTL logfile created on: 26.1.2012 1:56:23 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

895,23 Mb Total Physical Memory | 356,13 Mb Available Physical Memory | 39,78% Memory free
2,12 Gb Paging File | 1,62 Gb Available in Paging File | 76,73% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 31,97 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,63 Gb Free Space | 7,23% Space Free | Partition Type: NTFS

Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.02.22 15:50:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.02.22 15:49:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.06 14:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.12.04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.24 12:01:26 | 012,231,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62da3f0fabaac0a8c8a4e11f9012391d\System.Web.ni.dll
MOD - [2012.01.23 23:35:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012.01.23 23:35:14 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012.01.23 23:34:54 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012.01.23 18:58:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012.01.23 18:57:51 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012.01.23 18:56:50 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.06.03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.04.11 21:14:50 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2908.16950__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2908.16911__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:50 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2908.16962__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2908.16942__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2908.16929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2908.17117__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:49 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2908.17139__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:49 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2908.17131__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2908.17098__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:47 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2908.17160__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:06 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2908.17167__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2908.16956__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2908.16923__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2908.16955__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:05 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2908.17105__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:05 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:05 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2908.17111__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2908.17104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:05 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:03 | 000,794,624 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:03 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2908.17124__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:03 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:02 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2908.16976__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2908.16930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2908.16969__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,901,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2908.17132__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,663,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2908.17099__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2908.17059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2908.17092__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:01 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2908.17063__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2908.17091__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.04.11 21:13:59 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.04.11 21:13:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.04.11 21:13:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.04.11 21:13:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2908.17177__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.04.11 21:13:46 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2908.16901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.04.11 21:13:45 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2908.16937__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.04.11 21:13:45 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2908.17152__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.04.11 21:13:45 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2908.17150__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.04.11 21:13:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.04.11 21:13:45 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.04.11 21:13:45 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.04.11 21:13:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.04.11 21:13:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2908.16903__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.04.11 21:13:44 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.04.11 21:13:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.04.11 21:13:42 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2908.16918__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.04.11 21:13:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2908.16903__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.04.11 21:13:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2908.16902__90ba9c70f846762e\APM.Server.dll
MOD - [2010.04.11 21:13:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2908.16901__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.04.11 21:13:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.04.11 21:13:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2908.17151__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.04.11 21:13:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.04.11 21:13:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.02.06 14:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.06 14:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.02.22 15:52:52 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.02.22 15:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2006.12.04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)


========== Driver Services (SafeList) ==========

DRV - [2012.01.26 01:49:45 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.22 20:01:22 | 000,020,480 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisrd.sys -- (ndisrd)
DRV - [2010.02.22 15:51:06 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.02.22 15:51:04 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.02.22 15:50:56 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.02.22 15:50:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.02.22 15:47:20 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.28 19:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007.12.18 10:46:24 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.07.17 00:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007.01.02 14:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.12.15 13:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.07.01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.11 16:11:46 | 000,000,000 | ---D | M]

[2010.04.11 16:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Extensions
[2012.01.24 00:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions
[2011.04.05 22:05:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.23 04:31:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.23 04:31:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.01.24 13:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.24 13:35:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.01.24 00:41:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.24 00:41:25 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.01.24 00:41:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.24 00:41:25 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.01.24 00:41:25 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2012.01.24 00:41:25 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_JamesWhite = C:\Documents and Settings\Tea\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

O1 HOSTS File: ([2012.01.24 11:34:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23FB4650-9569-4754-B0F8-C11D10A8F1DD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.11 13:26:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012.01.26 01:46:00 | 008,094,608 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\Tea\Desktop\sp41680.exe
[2012.01.25 23:45:25 | 007,122,616 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\Tea\Desktop\sp40535.exe
[2012.01.25 11:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\IrfanView
[2012.01.25 11:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.01.24 14:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Application Data\Malwarebytes
[2012.01.24 14:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.24 14:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.24 14:15:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.24 14:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.24 14:12:00 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tea\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.24 13:36:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.24 13:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.24 13:35:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.01.24 13:35:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.01.24 13:35:30 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.01.24 12:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012.01.24 12:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Ad_Aware.Pro.8.1.4
[2012.01.24 12:49:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.01.24 11:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.01.23 18:13:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.23 18:13:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.23 18:13:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.01.23 18:13:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.23 18:13:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.23 18:11:42 | 004,388,468 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012.01.23 04:15:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.23 01:07:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012.01.17 11:51:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\Administrative Tools
[2012.01.17 11:51:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 11:51:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.17 02:49:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.01.16 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012.01.14 10:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Riki 2-7mj
[2012.01.12 09:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2012.01.26 01:53:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.26 01:53:23 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.26 01:53:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.26 01:50:24 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.26 01:50:24 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.26 01:49:45 | 001,391,104 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2012.01.25 23:45:26 | 007,122,616 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Tea\Desktop\sp40535.exe
[2012.01.25 23:20:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.25 22:49:09 | 000,123,392 | ---- | M] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 22:48:36 | 000,015,144 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\rotterdam1.jpg
[2012.01.25 22:43:58 | 000,043,604 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\rotterdam.jpg
[2012.01.25 21:18:17 | 002,401,739 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\cv.gif
[2012.01.25 18:32:42 | 008,094,608 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Tea\Desktop\sp41680.exe
[2012.01.25 13:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2012.01.25 12:45:07 | 000,028,152 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\wlan2.gif
[2012.01.25 12:44:53 | 000,024,068 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\wlan1.gif
[2012.01.25 11:46:49 | 000,127,758 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\problem.gif
[2012.01.25 11:40:26 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\IrfanView Thumbnails.lnk
[2012.01.25 11:40:26 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\IrfanView.lnk
[2012.01.25 01:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2012.01.24 19:03:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2012.01.24 14:15:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 14:14:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tea\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.24 13:28:54 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.24 13:28:54 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\statistics.dat
[2012.01.24 13:28:54 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.24 13:24:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2012.01.24 12:32:00 | 083,109,073 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ADawP.Dr.House.rar
[2012.01.24 11:54:05 | 000,012,696 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\combofixlog.zip
[2012.01.24 11:34:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.01.24 11:19:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Tea\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 01:30:45 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.24 01:19:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.01.23 18:08:16 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 18:06:54 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012.01.23 04:12:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.17 02:58:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 02:57:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.11 12:14:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2012.01.26 01:49:21 | 000,873,374 | ---- | C] () -- C:\WINDOWS\System32\oem38.inf
[2012.01.25 22:46:47 | 000,015,144 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\rotterdam1.jpg
[2012.01.25 22:43:58 | 000,043,604 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\rotterdam.jpg
[2012.01.25 21:18:16 | 002,401,739 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\cv.gif
[2012.01.25 11:50:36 | 000,028,152 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\wlan2.gif
[2012.01.25 11:49:38 | 000,024,068 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\wlan1.gif
[2012.01.25 11:42:49 | 000,127,758 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\problem.gif
[2012.01.25 11:40:26 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\IrfanView Thumbnails.lnk
[2012.01.25 11:40:26 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\IrfanView.lnk
[2012.01.24 14:15:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 13:28:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.24 13:28:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\statistics.dat
[2012.01.24 13:28:54 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.24 13:04:27 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2012.01.24 13:04:27 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2012.01.24 13:04:26 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2012.01.24 13:04:26 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2012.01.24 12:53:16 | 083,109,073 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ADawP.Dr.House.rar
[2012.01.24 12:52:27 | 070,418,432 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\HTV2_upanijsk(110225_144428).mpg
[2012.01.24 11:54:05 | 000,012,696 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\combofixlog.zip
[2012.01.24 11:19:13 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 00:41:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.23 18:13:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.23 18:13:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.23 18:13:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.23 18:13:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.23 18:13:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.17 11:57:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.16 10:38:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2011.09.27 16:42:36 | 000,044,832 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
[2011.05.30 05:55:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\{ACBFB8EE-A683-43AD-AC5B-B379A4A85257}
[2011.03.28 20:54:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.12.08 14:18:00 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\winscp.rnd
[2010.04.14 09:13:33 | 000,123,392 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 21:16:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.04.11 17:23:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.11 16:00:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.11 15:12:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.11 15:10:52 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.11 13:29:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.04.11 13:23:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,436,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,068,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.12.18 09:25:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.11.27 14:34:14 | 000,160,289 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007.02.06 14:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.06 13:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd /s >
"ImagePath" = system32\DRIVERS\ndisrd.sys -- [2011.09.22 20:01:22 | 000,020,480 | ---- | M] (NT Kernel Resources)
"DisplayName" = WinpkFilter Service
"Group" = PNP_TDI
"ErrorControl" = 1
"Type" = 1
"Start" = 3
"Tag" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters\Adapters\NdisWanIp]
"UpperBindings" = \Device\{0435696E-E320-4BAD-9D22-21077D103E1D}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters\Adapters\{7DA07B17-F732-47DB-974F-215CA39D72AB}]
"UpperBindings" = \Device\{BFCAF0DB-1F20-4B13-9D4C-BC506D4BBAD4}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Parameters\Adapters\{992EF97A-8EFC-4913-ABB3-584C93658CE2}]
"UpperBindings" = \Device\{FCC8F090-D603-4401-84EA-999C9FD57ACE}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisrd\Enum]
"0" = Root\NT_NDISRDMP\0001
"Count" = 2
"NextInstance" = 2
"1" = Root\NT_NDISRDMP\0002

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >
"Debug" =
"Kmode" = %SystemRoot%\system32\win32k.sys -- [2011.11.23 14:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation)
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase" = 2137980928


< MD5 for: NDISRD.SYS >
[2011.09.22 20:01:22 | 000,020,480 | ---- | M] (NT Kernel Resources) MD5=1359B200974395679B092F1D5F63CFA9 -- C:\WINDOWS\system32\drivers\ndisrd.sys

< MD5 for: WINSRV.DLL >
[2008.04.14 13:00:00 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\$NtUninstallKB2121546$\winsrv.dll
[2010.06.18 18:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=42B5427FAC23BF6F1F31E466B7FEB084 -- C:\WINDOWS\$NtUninstallKB2507938$\winsrv.dll
[2010.06.18 18:43:57 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=6DC05976FB5B8E1358EAC8BEDFD1FA47 -- C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
[2011.11.25 22:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3gdr\winsrv.dll
[2011.11.25 22:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\dllcache\winsrv.dll
[2011.11.25 22:57:19 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\winsrv.dll
[2011.11.25 22:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\$hf_mig$\KB2646524\SP3QFE\winsrv.dll
[2011.11.25 22:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3qfe\winsrv.dll
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EC0A223C4854E98A3AFB2C31B7B420A0 -- C:\WINDOWS\$NtUninstallKB2646524$\winsrv.dll
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EC0A223C4854E98A3AFB2C31B7B420A0 -- C:\WINDOWS\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\sp3gdr\winsrv.dll
[2011.04.26 12:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F52D3C601CF618479F9AD43B07599BED -- C:\WINDOWS\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
[2011.04.26 12:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F52D3C601CF618479F9AD43B07599BED -- C:\WINDOWS\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf\sp3qfe\winsrv.dll

< MD5 for: WINSRV.DLL.000 >
[2011.04.26 12:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EC0A223C4854E98A3AFB2C31B7B420A0 -- C:\WINDOWS\$NtUninstallKB2646524$\winsrv.dll.000

< End of report >
 
OTL Extras logfile created on: 26.1.2012 1:56:23 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

895,23 Mb Total Physical Memory | 356,13 Mb Available Physical Memory | 39,78% Memory free
2,12 Gb Paging File | 1,62 Gb Available in Paging File | 76,73% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 31,97 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,63 Gb Free Space | 7,23% Space Free | Partition Type: NTFS

Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"25292:TCP" = 25292:TCP:*:Enabled:System38
"7244:TCP" = 7244:TCP:*:Enabled:System38

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Tea\Desktop\COD\Call of Duty 1.5 + United Offensive\Call of Duty\CoDUOMP.exe" = C:\Documents and Settings\Tea\Desktop\COD\Call of Duty 1.5 + United Offensive\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{11A7769F-6706-3191-9A9A-6B4AB0F56419}" = Catalyst Control Center Localization Norwegian
"{169F0A86-B4E2-E0D0-9623-4982A9C48C93}" = CCC Help Chinese Traditional
"{177775EF-DF8B-D947-0B51-D14ED1F836C5}" = Catalyst Control Center Localization Czech
"{183C2621-49ED-C3F3-6FFF-4807079E1AC0}" = CCC Help Thai
"{189DC77B-7B5B-0547-276B-C026EF0C757C}" = ccc-core-preinstall
"{1D8135C3-46FA-77E4-E645-405BD62DDAB9}" = Catalyst Control Center Localization Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209DC8F3-20D6-56D1-3EDA-04792A59589D}" = CCC Help Greek
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 30
"{2A0AF7BE-CB9C-D902-676E-B3DAEECB6B2D}" = Catalyst Control Center Localization Korean
"{2B9A8E7E-CDE6-D723-3521-B6D4784FFBEA}" = Catalyst Control Center Localization Japanese
"{2D0A84FC-2178-131A-7563-705200BDFF20}" = CCC Help Polish
"{2EE6086A-2926-66A7-2B60-42FB259D95B7}" = Catalyst Control Center Localization Russian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33B75044-54B4-5AB4-7A19-7B9D77BF2285}" = Catalyst Control Center Localization Greek
"{33E58EE4-0E59-0017-78D0-D56FD3594770}" = CCC Help Korean
"{342BE86B-31F5-6E7E-A1CB-87BA5272BC2C}" = Catalyst Control Center Localization Hungarian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{36807E1C-C7F5-CCF7-3617-F41837DECAF7}" = CCC Help Danish
"{3A8B8170-7321-E5FC-0047-74F9F5D21B25}" = Catalyst Control Center Localization Thai
"{3F93B2BA-18EC-462B-9ACD-396599353EE1}" = Catalyst Control Center - Branding
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D1E0AA2-3B34-6940-3663-0E255EFBBF63}" = CCC Help Portuguese
"{517459C1-A2C2-7641-AA71-4E7E98B5E8A9}" = CCC Help Spanish
"{53B35D1A-B93A-C389-409B-EEBC68D82861}" = Catalyst Control Center Core Implementation
"{540EA3CE-1229-5702-929D-A67E6331AC39}" = CCC Help Norwegian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A721E61-FBDE-9422-3C64-17D918C7196B}" = Catalyst Control Center Localization German
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F74F1E5-C4DF-7A18-3C11-A47382FFA660}" = CCC Help Swedish
"{611CB353-FEC0-1245-1859-B169344D1454}" = CCC Help Japanese
"{751CCF7A-CFF6-4A4B-9119-D4448D87B025}" = ESET Smart Security
"{77F38DEB-140F-0B24-52C4-6B385127CB1F}" = Catalyst Control Center Localization Finnish
"{79AAA8E0-B47C-EDAB-826E-C498AA4857CE}" = CCC Help Finnish
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89B65CDA-DC1B-C5B3-73DF-3CFF4A19A588}" = CCC Help German
"{8C74846F-56C1-7CA1-14BF-B7A87F7A0CA7}" = Catalyst Control Center Localization Dutch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907E8FCC-ACB6-8F7D-9930-8C95F1DC7D87}" = ccc-utility
"{90A2E630-72EA-3309-6B02-9307C795345C}" = CCC Help Russian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A00E6A54-A3B5-7FCD-5DBA-4BFAB5B2DBD7}" = Catalyst Control Center Localization Italian
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A21A1F07-8EE5-1DC3-74E5-73AF089B5722}" = Catalyst Control Center Localization Polish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A843E814-9178-6F3F-E821-9094D33128F5}" = Catalyst Control Center Graphics Full New
"{A893EF27-F743-D48F-3971-ABD33A2A0902}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0CBF76-BD8E-48C0-AE32-31684A629836}" = HP Broadband Wireless Modules
"{AA3D13A1-2373-6638-8398-FBDA07FAC464}" = CCC Help Turkish
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF0EC284-33B6-9100-E851-B64FDC070429}" = Catalyst Control Center Localization French
"{B1463859-54D3-03C0-2D87-04D15A4B5D06}" = Catalyst Control Center Localization Chinese Traditional
"{B15AC518-1C5D-D41F-37CA-768851B11FAB}" = Catalyst Control Center Localization Swedish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BC1584FD-B945-E401-7C34-929964DE9E24}" = CCC Help Chinese Standard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C443C2F5-CBEC-1299-3A60-6C3C9965EF5A}" = CCC Help Czech
"{C594294F-E38B-FB39-4C3B-E97EFCE3AC0D}" = Catalyst Control Center Localization Danish
"{C97636B2-42D2-C8C0-CDD8-4A323CF6BC5C}" = CCC Help Italian
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}" = HP PCMCIA Smart Card Reader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F7BFE-61D8-E7B8-6F99-F5E149B89051}" = Catalyst Control Center Localization Portuguese
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D7BE4FF6-24E1-3E12-D6D0-C76F26F31327}" = Catalyst Control Center Graphics Light
"{DFDE44B2-4E88-9B2D-75B6-945635C665DF}" = Catalyst Control Center Localization Spanish
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E634B696-8333-8216-6415-86272864894F}" = ccc-core-static
"{E78A17B7-B3E7-045B-820D-5DCE2541DEBC}" = CCC Help English
"{E978DAC8-F978-B81D-0BA1-9A566A79A7A6}" = CCC Help Hungarian
"{E9A82610-AD0E-F189-1F41-95996BC15794}" = Catalyst Control Center Graphics Full Existing
"{EB36FA85-8004-D358-601C-542FE3A2A77C}" = CCC Help Dutch
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6F6B40D-6477-87E2-3899-AF53366D84D2}" = Catalyst Control Center Localization Chinese Standard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BSPlayerp" = BS.Player PRO
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 hr)" = Mozilla Firefox 9.0.1 (x86 hr)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PKR" = PKR
"Sweet Home 3D_is1" = Sweet Home 3D version 3.2
"Uninstall Tool_is1" = Uninstall Tool
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR arhiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-413027322-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 24.1.2012 9:49:22 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Remote Registry service failed to start due to the following error:
%%1069

Error - 24.1.2012 9:51:36 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 25.1.2012 7:15:19 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 25.1.2012 7:20:05 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 25.1.2012 15:49:58 | Computer Name = TEA-LAPTOP | Source = PSched | ID = 14103
Description = QoS [Adapter {992EF97A-8EFC-4913-ABB3-584C93658CE2}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 25.1.2012 17:56:41 | Computer Name = TEA-LAPTOP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001A73788250. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 25.1.2012 18:34:24 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {57787927-8B56-4E73-A2BB-5FC76872CDA0} did not register
with DCOM within the required timeout.

Error - 25.1.2012 18:34:24 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 25.1.2012 19:02:40 | Computer Name = TEA-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 25.1.2012 19:03:27 | Computer Name = TEA-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 ehdrv Fips


< End of report >
 
I uninstalled the wlan driver and reinstalled it properly now. It seems to work now. Tried 3 times, every time that notification icon was indicating it is working, except that my pc froze the second time. But I guess it's the problem that the virus is causing (nothing new, happened a lot and I have mentioned it).
 
Hi marko1234,

Let's see if this will help.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code:
File::
c:\windows\system32\drivers\ndisrd.sys 
C:\WINDOWS\System32\oem38.inf

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"25292:TCP"=-
"7244:TCP"=-

Driver::
ndisrd

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif
 
Hi oldman960

Here's the log you requested.

ComboFix 12-01-23.02 - Tea 26.01.2012 11:14:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.895.270 [GMT 1:00]
Running from: c:\documents and settings\Tea\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Tea\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
FILE ::
"c:\windows\system32\drivers\ndisrd.sys"
"c:\windows\System32\oem38.inf"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
c:\windows\system32\drivers\ndisrd.sys
c:\windows\System32\oem38.inf
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ndisrd
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-25 10:40 . 2012-01-25 10:40 -------- d-----w- c:\program files\IrfanView
2012-01-24 13:16 . 2012-01-24 13:16 -------- d-----w- c:\documents and settings\Tea\Application Data\Malwarebytes
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-24 13:15 . 2012-01-24 13:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 13:15 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 12:35 . 2012-01-24 12:35 -------- d-----w- c:\program files\Common Files\Java
2012-01-24 11:58 . 2012-01-24 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-01-23 23:41 . 2012-01-23 23:41 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-23 23:41 . 2012-01-23 23:41 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-01-23 23:41 . 2012-01-23 23:41 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-23 23:41 . 2012-01-23 23:41 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-01-23 23:41 . 2012-01-23 23:41 814040 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-01-23 23:41 . 2012-01-23 23:41 486360 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-01-23 23:41 . 2012-01-23 23:41 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-23 23:41 . 2012-01-23 23:41 2124760 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-01-23 23:41 . 2012-01-23 23:41 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-01-23 23:41 . 2012-01-23 23:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-23 23:41 . 2012-01-23 23:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-23 23:41 . 2012-01-23 23:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-23 10:33 . 2012-01-23 10:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-01-23 03:15 . 2012-01-23 03:15 -------- d-----w- C:\_OTL
2012-01-17 10:57 . 2012-01-17 10:57 -------- d-----w- c:\program files\ERUNT
2012-01-17 01:49 . 2012-01-17 01:49 -------- d-----w- c:\documents and settings\Administrator
2012-01-16 09:38 . 2012-01-23 17:06 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 00:49 . 2010-04-11 14:33 1391104 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 04:54 . 2010-11-09 14:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2010-04-11 21:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-31 20:57 . 2008-04-14 12:00 389120 ----a-w- c:\windows\system32\html.iec
2012-01-23 23:41 . 2012-01-23 23:41 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-24_10.35.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2012-01-26 10:23 . 2012-01-26 10:23 16384 c:\windows\temp\Perflib_Perfdata_714.dat
+ 2012-01-26 00:49 . 2010-04-11 14:33 87280 c:\windows\system32\ReinstallBackups\0006\DriverFiles\bcmwlcoi.dll
- 2008-04-14 12:00 . 2012-01-24 08:46 68938 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-01-26 00:50 68938 c:\windows\system32\perfc009.dat
+ 2010-04-11 12:46 . 2012-01-24 12:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-04-11 12:46 . 2012-01-16 09:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-24 12:04 . 2012-01-24 12:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-01-24 11:01 . 2012-01-24 11:01 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\6c334564da041df8fb75415f2d503224\System.Windows.Presentation.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2008-04-14 12:00 . 2012-01-24 08:46 436042 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2012-01-26 00:50 436042 c:\windows\system32\perfh009.dat
+ 2012-01-24 12:35 . 2011-11-10 04:54 157472 c:\windows\system32\javaws.exe
+ 2012-01-24 12:35 . 2011-11-10 04:54 149280 c:\windows\system32\javaw.exe
+ 2012-01-24 12:35 . 2011-11-10 04:54 149280 c:\windows\system32\java.exe
- 2008-04-14 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-04-14 12:00 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-04-14 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
+ 2012-01-24 11:58 . 2012-01-24 11:58 236032 c:\windows\Installer\43da03.msi
+ 2012-01-24 12:35 . 2012-01-24 12:35 203776 c:\windows\Installer\1841a1.msi
+ 2012-01-24 11:02 . 2012-01-24 11:02 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\41db75b77769b05c791a7decf13afdc1\System.Web.Routing.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\018b6e48c32d5b5d78086998e3505f1c\System.Web.RegularExpressions.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 549888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\b927a01b2a945d6a996294172195de4c\System.Web.DynamicData.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 145408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\ae91185a31cc445024a9b152cf5c65ff\System.Web.Abstractions.ni.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2012-01-26 00:49 . 2012-01-25 21:54 1391104 c:\windows\system32\ReinstallBackups\0006\DriverFiles\BCMWL5.SYS
+ 2012-01-24 11:02 . 2012-01-24 11:02 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-24 11:02 . 2012-01-24 11:02 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-24 11:02 . 2012-01-24 11:02 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:02 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
- 2012-01-24 10:33 . 2012-01-24 10:33 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 2418688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\2914bb8a0993adc7cdc5bd92dbc89719\System.Web.Extensions.ni.dll
+ 2012-01-24 11:01 . 2012-01-24 11:01 12231680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62da3f0fabaac0a8c8a4e11f9012391d\System.Web.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-22 2140880]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Tea\\Desktop\\COD\\Call of Duty 1.5 + United Offensive\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [22.2.2010 15:50 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.2.2010 15:50 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24.1.2012 14:15 652872]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4.12.2006 15:13 292384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24.1.2012 14:15 20464]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2010 17:31 135664]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [30.4.2010 17:31 135664]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [17.7.2007 0:24 35072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:31]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 16:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 11:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-01-26 11:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-26 10:28
ComboFix2.txt 2012-01-24 10:39
ComboFix3.txt 2012-01-23 17:38
.
Pre-Run: 34.306.412.544 bytes free
Post-Run: 34.295.042.048 bytes free
.
- - End Of File - - 7FB551C6BFB2A0C0B11FBCEE3B5BFCBB
 
Hi oldman960,

Aside from the fact that it's still booting a little too slow (XP logo fades in with some freezes, and that bar makes quite a few runs from left to right), the laptop is just fine. Tried restarting it a couple of times, every time had no problems with working on it or with wlan. Do you need me to do any more tests/scans?

Thanks
 
Hi marko1234,

We emptied a bunch of temporary caches. The computer should start a bit faster as those caches repopulate.

We also found and removed a different infection with the last combofix run.

One more scan to check for stragglers.

Please run the F-Secure Online Scanner from F-Secure.
  • At the bottom of the webpage, read and agree to the license terms and click run check. Be sure to run the Online Scanner and not the Health Check!
  • If prompted, give the java plug-in permission to run.
  • Select Quick Scan when prompted, and then click on Scan.
  • Once the scan is finished, make sure Automatically and Send the Files to F-Secure are unchecked and click next.
  • After clicking on next, click on Full Report. A log should appear in your internet browser. Copy that information and post it here.

Next

Open OTL and click Quick Scan

Please post back with
  • F-Secure log
  • OTL.txt
thanks
 
F-Secure log
Scanning Report
Thursday, January 26, 2012 15:01:43 - 15:09:44

Computer name: TEA-LAPTOP
Scanning type: Quick scan
Target: System
4 malware found
TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Adtech (spyware)

System (Disinfected)

TrackingCookie.Xiti (spyware)

System (Disinfected)

TrackingCookie.Webtrends (spyware)

System (Disinfected)

Statistics
Scanned:

Files: 3418
System: 3418
Not scanned: 0

Actions:

Disinfected: 4
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

Options
Scanning engines:

OTL quick scan log

OTL logfile created on: 26.1.2012 15:12:41 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tea\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

895,23 Mb Total Physical Memory | 232,14 Mb Available Physical Memory | 25,93% Memory free
2,12 Gb Paging File | 1,34 Gb Available in Paging File | 63,11% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101,44 Gb Total Space | 31,26 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 8,79 Gb Total Space | 0,63 Gb Free Space | 7,23% Space Free | Partition Type: NTFS

Computer Name: TEA-LAPTOP | User Name: Tea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.24 00:41:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.10 05:54:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010.02.22 15:50:16 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.02.22 15:49:56 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008.04.14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 15:11:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.12.04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.24 12:01:26 | 012,231,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62da3f0fabaac0a8c8a4e11f9012391d\System.Web.ni.dll
MOD - [2012.01.24 00:41:29 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.01.23 23:35:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2012.01.23 23:35:14 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2012.01.23 23:34:54 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2012.01.23 18:58:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2012.01.23 18:57:51 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012.01.23 18:56:50 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011.11.10 05:53:45 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011.08.28 20:05:14 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010.06.03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.04.11 21:14:50 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2908.16950__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2908.16911__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:50 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2908.16962__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2908.16942__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2908.16929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2908.17117__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:49 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2908.17139__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:49 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2908.17131__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2908.17098__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:49 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:47 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2908.17160__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:06 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2908.17167__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2908.16956__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2908.16923__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:06 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2908.16955__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:05 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2908.17105__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:05 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:05 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2908.17111__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2908.17104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:05 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2908.17097__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:03 | 000,794,624 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:03 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2908.17124__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:03 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:02 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2908.16976__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2908.16930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2908.16969__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,901,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2908.17132__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,663,552 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2908.17099__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2908.17059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2908.17092__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010.04.11 21:14:01 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010.04.11 21:14:01 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2908.17063__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2908.17091__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.04.11 21:14:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.04.11 21:14:00 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.04.11 21:13:59 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll
MOD - [2010.04.11 21:13:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.04.11 21:13:58 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.04.11 21:13:58 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.04.11 21:13:57 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2010.04.11 21:13:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010.04.11 21:13:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.04.11 21:13:56 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.04.11 21:13:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2908.17177__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.04.11 21:13:46 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2908.16901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.04.11 21:13:45 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2908.16937__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.04.11 21:13:45 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2908.17152__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.04.11 21:13:45 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2908.17150__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.04.11 21:13:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.04.11 21:13:45 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.04.11 21:13:45 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.04.11 21:13:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.04.11 21:13:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2908.16903__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.04.11 21:13:44 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.04.11 21:13:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.04.11 21:13:42 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2908.16918__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.04.11 21:13:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2908.16903__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010.04.11 21:13:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2908.16902__90ba9c70f846762e\APM.Server.dll
MOD - [2010.04.11 21:13:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2908.16901__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.04.11 21:13:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.04.11 21:13:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2908.17151__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.04.11 21:13:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.04.11 21:13:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.02.06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.02.06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.02.22 15:52:52 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.02.22 15:50:16 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2006.12.04 15:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)


========== Driver Services (SafeList) ==========

DRV - [2012.01.26 01:49:45 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.02.22 15:51:06 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.02.22 15:51:04 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.02.22 15:50:56 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.02.22 15:50:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.02.22 15:47:20 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.04.28 19:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007.12.18 10:46:24 | 002,849,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.07.17 00:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2007.02.14 14:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.02.14 14:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.01.02 14:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.12.15 13:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.07.01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.24 00:41:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.11 16:11:46 | 000,000,000 | ---D | M]

[2010.04.11 16:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Extensions
[2012.01.24 00:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions
[2011.04.05 22:05:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.23 04:31:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.23 04:31:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Profiles\zl22bngb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012.01.24 13:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.24 13:35:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.01.24 00:41:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.24 00:41:25 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.01.24 00:41:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.24 00:41:25 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.01.24 00:41:25 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2012.01.24 00:41:25 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Tea\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_JamesWhite = C:\Documents and Settings\Tea\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\

O1 HOSTS File: ([2012.01.26 11:22:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23FB4650-9569-4754-B0F8-C11D10A8F1DD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tea\Application Data\Mozilla\Firefox\Pozadina radne površine.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.11 13:26:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.01.26 15:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Application Data\f-secure
[2012.01.26 14:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012.01.26 11:54:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.01.25 11:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\IrfanView
[2012.01.25 11:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.01.24 14:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Application Data\Malwarebytes
[2012.01.24 14:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.24 14:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.01.24 14:15:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.24 14:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.24 14:12:00 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tea\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.24 13:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.24 12:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012.01.24 12:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Ad_Aware.Pro.8.1.4
[2012.01.24 11:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.01.23 18:13:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.23 18:13:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.23 18:13:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.01.23 18:13:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.23 18:13:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.23 18:11:42 | 004,388,468 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012.01.23 04:15:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.23 01:07:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012.01.17 11:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012.01.17 11:51:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tea\Start Menu\Programs\Administrative Tools
[2012.01.17 11:51:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 11:51:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.17 02:49:36 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012.01.16 11:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012.01.14 10:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tea\Desktop\Riki 2-7mj
[2012.01.12 09:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2012.01.26 15:20:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.26 12:26:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.26 12:25:46 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.26 12:25:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.26 12:22:21 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.01.26 11:22:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.01.26 01:50:24 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.26 01:50:24 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.25 22:49:09 | 000,123,392 | ---- | M] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 22:48:36 | 000,015,144 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\rotterdam1.jpg
[2012.01.25 22:43:58 | 000,043,604 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\rotterdam.jpg
[2012.01.25 21:18:17 | 002,401,739 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\cv.gif
[2012.01.25 12:45:07 | 000,028,152 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\wlan2.gif
[2012.01.25 12:44:53 | 000,024,068 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\wlan1.gif
[2012.01.25 11:46:49 | 000,127,758 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\problem.gif
[2012.01.25 11:40:26 | 000,001,565 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\IrfanView Thumbnails.lnk
[2012.01.25 11:40:26 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\IrfanView.lnk
[2012.01.24 14:15:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 14:14:21 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tea\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.24 13:28:54 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.24 13:28:54 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\statistics.dat
[2012.01.24 13:28:54 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.24 12:32:00 | 083,109,073 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ADawP.Dr.House.rar
[2012.01.24 11:54:05 | 000,012,696 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\combofixlog.zip
[2012.01.24 11:19:13 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Tea\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 01:30:45 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.24 01:19:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.01.23 18:08:16 | 004,388,468 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\jgh.exe
[2012.01.23 18:06:54 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2012.01.23 04:12:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.23 01:04:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tea\Desktop\OTL.exe
[2012.01.17 11:57:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | M] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.17 02:58:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Tea\Desktop\erunt-setup.exe
[2012.01.17 02:57:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Tea\Desktop\dds.scr
[2012.01.11 12:14:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2012.01.25 22:46:47 | 000,015,144 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\rotterdam1.jpg
[2012.01.25 22:43:58 | 000,043,604 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\rotterdam.jpg
[2012.01.25 21:18:16 | 002,401,739 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\cv.gif
[2012.01.25 11:50:36 | 000,028,152 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\wlan2.gif
[2012.01.25 11:49:38 | 000,024,068 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\wlan1.gif
[2012.01.25 11:42:49 | 000,127,758 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\problem.gif
[2012.01.25 11:40:26 | 000,001,565 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\IrfanView Thumbnails.lnk
[2012.01.25 11:40:26 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\IrfanView.lnk
[2012.01.24 14:15:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 13:28:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.01.24 13:28:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\statistics.dat
[2012.01.24 13:28:54 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.01.24 12:53:16 | 083,109,073 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ADawP.Dr.House.rar
[2012.01.24 12:52:27 | 070,418,432 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\HTV2_upanijsk(110225_144428).mpg
[2012.01.24 11:54:05 | 000,012,696 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\combofixlog.zip
[2012.01.24 11:19:13 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.01.24 00:41:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.23 18:13:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.23 18:13:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.23 18:13:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.23 18:13:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.23 18:13:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.17 11:57:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ERUNT.lnk
[2012.01.17 11:56:37 | 000,007,597 | ---- | C] () -- C:\Documents and Settings\Tea\Desktop\ddslog.zip
[2012.01.16 10:38:09 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_trash.cmd
[2011.09.27 16:42:36 | 000,044,832 | ---- | C] () -- C:\WINDOWS\System32\epfwdata.bin
[2011.05.30 05:55:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\{ACBFB8EE-A683-43AD-AC5B-B379A4A85257}
[2011.03.28 20:54:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.12.08 14:18:00 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Tea\Application Data\winscp.rnd
[2010.04.14 09:13:33 | 000,123,392 | ---- | C] () -- C:\Documents and Settings\Tea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 21:16:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.04.11 17:23:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.11 16:00:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.11 15:12:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.11 15:10:52 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.11 13:29:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.04.11 13:23:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.04.14 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 13:00:00 | 000,436,042 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 13:00:00 | 000,068,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.12.18 09:25:14 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.12.18 09:25:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.11.27 14:34:14 | 000,160,289 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007.02.06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010.07.02 12:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrystalIdea Software
[2010.04.11 16:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012.01.26 14:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010.04.11 13:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010.04.12 13:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010.07.22 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.14 15:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\BSplayer PRO
[2010.04.14 10:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.04.11 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\ESET
[2012.01.26 15:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\f-secure
[2010.04.25 22:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\Facebook
[2011.03.07 21:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tea\Application Data\uTorrent

========== Purity Check ==========



< End of report >
 
Hi marko1234,

Everything ok now? If so we'll clean up the tools.

From your desktop, please delete, if present
  • any notepads/logs that we created
You can delete any files we saved to your flash drive. You can keep the xPUD CD, it may come in handy one day.

You can also delete GETxPUD.exe from your other computer's desktop.


Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /uninstall

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.


Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources. If you choose to install Foxit, decline the Foxit toolbar.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 9.4.1 first. Be sure to move any PDF documents to another folder first though.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have those.


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


- Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis


- Make sure you have reset Automatic Updates to your chosen option. Click your Start button > Control Panel > System > Updates tab


- Keep your antivirus program updated, as well as any other security programs you have.

- More tips and programs can be found HERE

Please post back if you have any problems.

Take care :adios:
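
The Internet Explorer settings listed in the post above are stored as numbered values under the Internet zone's registry key (zone 3). As an added example that is not part of the original post, this PowerShell audit compares those values with the post's recommendations; the function names and the sample values are constructed for illustration.

```powershell
# Added example (not from the thread): audit the IE Internet zone (zone 3)
# against the six settings listed in the post.
# Value meanings in the zone keys: 0 = Enable, 1 = Prompt, 3 = Disable.

$ZoneKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ActionText = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID -> setting name as shown in the dialog, and the value the post recommends.
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

function ConvertTo-ActionText($Value) {
    # Turns a raw DWORD into the label used in the Security Settings dialog.
    if ($null -eq $Value) { return 'not set' }
    if ($ActionText.ContainsKey([int]$Value)) { return $ActionText[[int]$Value] }
    return "other ($Value)"
}

function Get-InternetZoneValues {
    # Reads the current user's zone 3 values into a hashtable keyed by action ID.
    $values = @{}
    $props = Get-ItemProperty -Path $ZoneKey -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($id in $Recommended.Keys) {
            $p = $props.PSObject.Properties[$id]
            if ($p) { $values[$id] = $p.Value }
        }
    }
    return $values
}

function Test-InternetZoneHardening {
    # Without -ZoneValues the live registry is read; pass a hashtable to test offline.
    param([hashtable]$ZoneValues = (Get-InternetZoneValues))
    foreach ($id in $Recommended.Keys) {
        $have = $ZoneValues[$id]
        $want = $Recommended[$id].Want
        [pscustomobject]@{
            ActionId    = $id
            Setting     = $Recommended[$id].Name
            Current     = ConvertTo-ActionText $have
            Recommended = ConvertTo-ActionText $want
            Compliant   = ($null -ne $have -and [int]$have -eq $want)
        }
    }
}

# Constructed sample: 1004 and 1804 are left at Enable, 1607 is missing entirely.
$sample = @{ '1001' = 1; '1004' = 0; '1201' = 3; '1800' = 1; '1804' = 0 }
Test-InternetZoneHardening -ZoneValues $sample | Format-Table -AutoSize

# Live check, listing only the settings that still differ from the post:
# Test-InternetZoneHardening | Where-Object { -not $_.Compliant }
```

A missing value is reported as non-compliant because the script cannot tell which default applies; a zone policy set under the Policies branch of the registry takes precedence over these per-user values and is not read here.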
 