
Solved need help with deleting viruses

Discussion in 'Malware and Virus Removal Archive' started by kravetzroman, 2011/06/05.

  1. 2011/06/05
    kravetzroman

    [Resolved] need help with deleting viruses

    Hello.
    After this thread http://www.windowsbbs.com/windows-7/99226-blue-screen-dump-data.html

    I did what I have been asked to.
    Here are all the logs that I need to post here.

    Thanks for any help.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6774

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    05/06/2011 14:31:14
    mbam-log-2011-06-05 (14-31-14).txt

    Scan type: Quick scan
    Objects scanned: 176086
    Time elapsed: 3 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Roman\AppData\Roaming\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18/06/2010 00:06:21
    System Uptime: 05/06/2011 14:23:07 (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD4P
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | Socket 1156 | 2235/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 53 GiB total, 21.675 GiB free.
    D: is FIXED (NTFS) - 195 GiB total, 95.899 GiB free.
    E: is FIXED (NTFS) - 684 GiB total, 389.641 GiB free.
    F: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Ultra HS-SD/MMC
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_ULTRA_HS-SD#MMC&REV_1.82#000000264001&0#
    Manufacturer: Generic
    Name: G:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_ULTRA_HS-SD#MMC&REV_1.82#000000264001&0#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP244: 02/06/2011 16:26:33 - Scheduled Checkpoint
    RP246: 04/06/2011 21:11:45 - RegRun Virus Scan
    RP247: 05/06/2011 13:42:48 - Windows Update
    RP249: 05/06/2011 13:51:22 - RegRun Virus Scan
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3DMark Vantage
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader X (10.0.1)
    AIFF MP3 Converter v3.2 build 977
    America's Army 3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Verifier
    ASUS GameOSD Utility
    ASUS Gamer OSD
    ASUS Smart Doctor
    ASUS VGA Driver
    ATI Catalyst Install Manager
    Audacity 1.2.6
    BitTorrent
    BlazeDTV 6.0
    Bonjour
    Brother MFL-Pro Suite MFC-7320
    Call of Duty Modern Warfare 2
    Catalyst Control Center InstallProxy
    Command & Conquer™ 4 Tiberian Twilight
    Command & Conquer™ Red Alert™ 3
    Conduit Engine
    Counter-Strike
    Debugging Tools for Windows (x86)
    Dedicated Server
    DES 2.0
    Easy Tune 6 B10.0521.1
    ESET Smart Security
    Futuremark SystemInfo
    GameFace Messenger
    Gigabyte Raid Cinfigurer
    Google Chrome
    Google Earth
    iPhone Tunnel Suite v3.0
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Just Cause 2
    LangOver 5.0
    LogMeIn
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.0
    Microsoft IntelliPoint 8.1
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Windows Performance Toolkit
    Microsoft Windows SDK .NET Framework Tools (30514)
    Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
    Microsoft Windows SDK for Windows 7 (7.1)
    Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
    Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
    Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
    Microsoft Windows SDK for Windows 7 Samples (30514)
    Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
    Microsoft Windows SDK MSHelp (30514)
    Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NEC Electronics USB 3.0 Host Controller Driver
    Nero 7 Essentials
    Nokia Connectivity Cable Driver
    Nokia PC Connectivity Solution
    Nokia PC Suite
    NVIDIA PhysX
    PaperPort Image Printer
    PCMark Vantage
    PowerISO
    PunkBuster Services
    QuickTime
    Realtek High Definition Audio Driver
    ScanSoft PaperPort 11
    sClient+ Anti-Cheat
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Smart Dual Lan
    SpeedFan (remove only)
    StarCraft II
    Steam
    TLN eMule Booster MOD
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Utility
    uTorrentBar Toolbar
    Ventrilo Client
    Win7codecs
    Winamp
    Winamp Detector Plug-in
    Windows 7 Codec Pack 2.6.1
    Windows Media Player Firefox Plugin
    Windows SDK IntellisenseNFX
    WinRAR archiver
    www.sClient.net Toolbar
    Compatibility Pack for the 2007 Office system
    .
    ==== Event Viewer Messages From Past Week ========
    .
    05/06/2011 15:16:08, Error: Service Control Manager [7016] - The SDLService service has reported an invalid current state 0.
    05/06/2011 14:41:41, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
    05/06/2011 14:23:35, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00005003, 0x8d200000, 0x00010524, 0xd8d38009). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060511-24367-01.
    05/06/2011 14:23:31, Error: EventLog [6008] - The previous system shutdown at 14:22:03 on ‎05/‎06/‎2011 was unexpected.
    04/06/2011 14:23:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x932cb6b0, 0x8e13b67c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060411-18532-01.
    04/06/2011 14:23:45, Error: EventLog [6008] - The previous system shutdown at 14:22:03 on ‎04/‎06/‎2011 was unexpected.
    03/06/2011 23:29:56, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00000031, 0x87119098, 0x9af19000, 0xaf6a418a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060311-20389-01.
    03/06/2011 23:29:51, Error: EventLog [6008] - The previous system shutdown at 23:28:11 on ‎03/‎06/‎2011 was unexpected.
    03/06/2011 20:27:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000099, 0x000013b5, 0x00000002, 0x00001335). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060311-20077-01.
    03/06/2011 20:27:19, Error: EventLog [6008] - The previous system shutdown at 20:25:39 on ‎03/‎06/‎2011 was unexpected.
    02/06/2011 01:24:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000099, 0x0000f072, 0x00000000, 0x00047372). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060211-17893-01.
    02/06/2011 01:24:34, Error: EventLog [6008] - The previous system shutdown at 01:22:56 on ‎02/‎06/‎2011 was unexpected.
    02/06/2011 00:58:02, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize.
    02/06/2011 00:55:16, Error: sptd [4] - Driver detected an internal error in its data structures for .
    02/06/2011 00:00:21, Error: volsnap [5] - The shadow copy of volume C: could not be created due to insufficient non-paged memory pool for a bitmap structure.
    .
    ==== End Of File ===========================


    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Roman at 15:16:04 on 2011-06-05
    Microsoft Windows 7 Ultimate 6.1.7600.0.1255.972.1033.18.3579.1899 [GMT 3:00]
    .
    AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\System32\ASDR.exe
    C:\Windows\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Gigabyte\EnergySaver2\des2svr.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Windows\System32\XSrvSetup.exe
    D:\programs\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Program Files\Realtek\Smart Dual Lan\SDLService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    D:\programs\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\SearchFilterHost.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    uURLSearchHooks: www.sClient.net Toolbar: {51aa88bd-c5dc-4215-bc71-101db3672d14} - c:\program files\www.sclient.net\prxtbwww..dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: www.sClient.net Toolbar: {51aa88bd-c5dc-4215-bc71-101db3672d14} - c:\program files\www.sclient.net\prxtbwww..dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: www.sClient.net Toolbar: {51aa88bd-c5dc-4215-bc71-101db3672d14} - c:\program files\www.sclient.net\prxtbwww..dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: www.sClient.net Toolbar: {51aa88bd-c5dc-4215-bc71-101db3672d14} - c:\program files\www.sclient.net\prxtbwww..dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\roman\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe "
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe "
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe "
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini "
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [LogMeIn GUI] "d:\programs\logmein\x86\LogMeInSystray.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe "
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{D04BD8B0-B922-41C3-9999-B99BCC90AF35} : DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{FD8A1ABE-D97D-47D4-BC86-6FA3CB40602F} : NameServer = 10.0.0.138
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-4 176128]
    R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\gigabyte\energysaver2\des2svr.exe [2010-6-18 68136]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
    R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
    R2 JMB36X;JMB36X;c:\windows\system32\XSrvSetup.exe [2010-6-18 65536]
    R2 LMIGuardianSvc;LMIGuardianSvc;d:\programs\logmein\x86\LMIGuardianSvc.exe [2010-10-7 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;d:\programs\logmein\x86\rainfo.sys [2010-1-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-28 47640]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-5 366640]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-6-18 27648]
    R2 SDLService;SDLService;c:\program files\realtek\smart dual lan\SDLService.exe [2010-6-18 77824]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-6-4 6096384]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
    R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-14 265088]
    R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-14 11904]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-5 22712]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-10-26 58240]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-10-26 136704]
    R3 rtkio;rtkio;c:\program files\realtek\smart dual lan\rtkio.sys [2010-6-18 5760]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 1029456]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-7-15 101904]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-6-18 17488]
    S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2010-6-18 24944]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-18 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-06-05 11:31:42 54016 ----a-w- c:\windows\system32\drivers\xaqj.sys
    2011-06-05 11:13:05 -------- d-----w- c:\users\roman\appdata\roaming\Malwarebytes
    2011-06-05 11:12:59 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-05 11:12:58 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-05 11:12:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-05 11:12:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-04 18:15:55 -------- d-----w- C:\Backreg
    2011-06-04 18:10:13 2 --shatr- c:\windows\winstart.bat
    2011-06-04 18:10:10 -------- d-----w- c:\program files\UnHackMe
    2011-06-04 12:36:45 6096384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-06-04 11:53:23 -------- d-----w- C:\symbols
    2011-06-04 11:47:14 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
    2011-06-04 11:47:03 -------- d-----w- c:\program files\Microsoft Help Viewer
    2011-06-04 11:45:26 -------- d-----w- c:\program files\Application Verifier
    2011-06-04 11:44:43 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2011-06-01 23:35:54 48648 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\Markup.dll
    2011-06-01 23:35:49 845632 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2011-06-01 10:18:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-18 08:39:48 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2011-05-18 08:36:28 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-11 14:54:22 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 14:54:22 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    ==================== Find3M ====================
    .
    2011-06-05 11:23:32 17488 ----a-w- c:\windows\gdrv.sys
    2011-04-19 23:43:42 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys.old
    2011-04-19 23:09:20 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-19 23:09:06 676864 ----a-w- c:\windows\system32\aticfx32.dll
    2011-04-19 23:07:04 17693184 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-19 23:05:08 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-19 23:04:38 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-04-19 23:04:08 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-04-19 23:02:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-04-19 23:02:44 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-19 23:02:32 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-19 23:02:24 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-04-19 23:02:18 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-19 22:59:22 4161536 ----a-w- c:\windows\system32\atidxx32.dll
    2011-04-19 22:46:16 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-19 22:46:04 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-19 22:42:06 6389760 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-19 22:40:16 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-04-19 22:38:06 4286464 ----a-w- c:\windows\system32\atiumdag.dll
    2011-04-19 22:30:38 4056576 ----a-w- c:\windows\system32\atiumdva.dll
    2011-04-19 22:27:00 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-04-19 22:23:06 262144 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-19 22:22:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-04-19 22:22:42 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-04-19 22:22:10 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-04-19 22:21:40 31232 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-04-19 22:21:26 29184 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-04-19 22:21:02 37376 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-04-19 22:20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-19 22:13:30 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-19 22:13:30 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-13 12:02:36 40984 ----a-w- c:\windows\system32\drivers\point32.sys
    2011-04-08 20:02:04 390656 ----a-w- c:\windows\system32\ipcoin815.dll
    2011-04-06 13:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 13:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 13:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 13:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
    .
    ============= FINISH: 15:16:24.72 ===============


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: P55A-UD4P
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 183):
    0x83040000 \SystemRoot\system32\ntkrnlpa.exe
    0x83009000 \SystemRoot\system32\halmacpi.dll
    0x80B9A000 \SystemRoot\system32\kdcom.dll
    0x83610000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x83688000 \SystemRoot\system32\PSHED.dll
    0x83699000 \SystemRoot\system32\BOOTVID.dll
    0x836A1000 \SystemRoot\system32\CLFS.SYS
    0x836E3000 \SystemRoot\system32\CI.dll
    0x8378E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x83600000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8CA34000 \SystemRoot\System32\Drivers\spdn.sys
    0x8CB27000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8CB30000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8CB56000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8CB9E000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8CBA6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8CBB1000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8CBDB000 \SystemRoot\System32\drivers\partmgr.sys
    0x8CBEC000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8CC24000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8CC6F000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8CC76000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8CC84000 \SystemRoot\system32\DRIVERS\jraid.sys
    0x8CC9F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8CCB5000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8CCBE000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8CCE1000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8CCEA000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8CD1E000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8CE0C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8CF3B000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8CF66000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8CF79000 \SystemRoot\System32\Drivers\cng.sys
    0x8CFD6000 \SystemRoot\System32\drivers\pcw.sys
    0x8CFE4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8CD2F000 \SystemRoot\system32\drivers\ndis.sys
    0x8D027000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8D065000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8D08A000 \SystemRoot\System32\drivers\tcpip.sys
    0x8CA00000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8D1D3000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8D239000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8D278000 \SystemRoot\System32\Drivers\spldr.sys
    0x8D280000 \SystemRoot\system32\speedfan.sys
    0x8D282000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8D2AF000 \SystemRoot\System32\Drivers\mup.sys
    0x8D2BF000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8D2C7000 \SystemRoot\system32\giveio.sys
    0x8D2C8000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8D2FA000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8D30B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8D362000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8D381000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D388000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8D38F000 \SystemRoot\system32\DRIVERS\ehdrv.sys
    0x8D3AC000 \SystemRoot\System32\drivers\vga.sys
    0x8D3B8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8D3D9000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D3E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8D3EE000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8D3F6000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8D200000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8D20B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8D219000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8D1DC000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x92038000 \SystemRoot\system32\drivers\afd.sys
    0x92092000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x920C4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x920CB000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x920EA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x920F8000 \SystemRoot\system32\DRIVERS\serial.sys
    0x92112000 \SystemRoot\system32\drivers\atkkbnt.sys
    0x92115000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x92128000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x92138000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0x92146000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x92187000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x92191000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9219B000 \SystemRoot\system32\DRIVERS\EIO.sys
    0x921A4000 \SystemRoot\System32\drivers\discache.sys
    0x9361B000 \SystemRoot\system32\drivers\csc.sys
    0x9367F000 \SystemRoot\System32\Drivers\dfsc.sys
    0x93697000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x936A5000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x936C6000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x936D8000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x9400D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x9462D000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x946E4000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x9471D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x9473C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x94747000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x94792000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x947A1000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    0x947C3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x947C5000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x947EA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x93718000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x947F0000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x93744000 \SystemRoot\system32\DRIVERS\parport.sys
    0x9375C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x94000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x93774000 \SystemRoot\System32\Drivers\a41gc1br.SYS
    0x937AD000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x947FA000 \SystemRoot\System32\Drivers\Video3D32.sys
    0x937B6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x947FD000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0x937C3000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
    0x937CE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x937E0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x93600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x921B0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x921D2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x92000000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x92017000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x9360B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x921EA000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x947FE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x9483D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x94871000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x9487F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x948C3000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
    0x948D2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x948E3000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x94901000 \SystemRoot\system32\drivers\portcls.sys
    0x94930000 \SystemRoot\system32\drivers\drmk.sys
    0x94E2F000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x95104000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x95111000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9511C000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x95125000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x95136000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9514D000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x95158000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x95166000 \SystemRoot\system32\DRIVERS\BrUsbSIb.sys
    0x95169000 \SystemRoot\system32\DRIVERS\BrSerIb.sys
    0x951AA000 \SystemRoot\system32\drivers\modem.sys
    0x951B7000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x951C2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x951D5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x951DC000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x951E7000 \SystemRoot\system32\DRIVERS\point32.sys
    0x9B970000 \SystemRoot\System32\win32k.sys
    0x951F0000 \SystemRoot\System32\drivers\Dxapi.sys
    0x94949000 \SystemRoot\system32\DRIVERS\AF15BDA.sys
    0x951FA000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
    0x94E00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x94E0C000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x9BBD0000 \SystemRoot\System32\TSDDD.dll
    0x94E17000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x9B800000 \SystemRoot\System32\cdd.dll
    0x9B8C0000 \SystemRoot\System32\ATMFD.DLL
    0x949C2000 \SystemRoot\system32\drivers\luafv.sys
    0x9C41C000 \SystemRoot\system32\DRIVERS\eamon.sys
    0x9C4E8000 \SystemRoot\system32\drivers\WudfPf.sys
    0x9C502000 \SystemRoot\system32\DRIVERS\epfw.sys
    0x9C525000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9C535000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9C548000 \SystemRoot\system32\DRIVERS\RtNdPt60.sys
    0x9C554000 \SystemRoot\system32\drivers\HTTP.sys
    0x9C5D9000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9C400000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x949DD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x94800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8D330000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9C412000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0x9C5F2000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
    0x9C419000 \??\D:\programs\LogMeIn\x86\RaInfo.sys
    0x9202E000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
    0x9EC04000 \SystemRoot\system32\drivers\peauth.sys
    0x9EC9B000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9ECA5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9ECC6000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9ECD3000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9ED22000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9ED74000 \??\C:\Windows\gdrv.sys
    0x9ED77000 \??\C:\Program Files\Realtek\Smart Dual Lan\rtkio.sys
    0x9ED9A000 \??\C:\Windows\system32\drivers\mbam.sys
    0x9EDB6000 \??\C:\Users\Roman\AppData\Local\Temp\aglorpow.sys
    0x77630000 \Windows\System32\ntdll.dll
    0x482C0000 \Windows\System32\smss.exe
    0x77870000 \Windows\System32\apisetschema.dll
    0x10000000 \programs\DAEMON Tools Lite\Engine.dll

    Processes (total 70):
    0 System Idle Process
    4 System
    396 C:\Windows\System32\smss.exe
    556 csrss.exe
    632 C:\Windows\System32\wininit.exe
    640 csrss.exe
    680 C:\Windows\System32\services.exe
    720 C:\Windows\System32\lsass.exe
    728 C:\Windows\System32\lsm.exe
    776 C:\Windows\System32\winlogon.exe
    884 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\atiesrxx.exe
    1120 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\svchost.exe
    1316 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\svchost.exe
    1544 C:\Windows\System32\atieclxx.exe
    1676 C:\Windows\System32\spoolsv.exe
    1704 C:\Windows\System32\svchost.exe
    1788 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1812 C:\Windows\System32\ASDR.exe
    1836 C:\Windows\ATKKBService.exe
    1860 C:\Program Files\Bonjour\mDNSResponder.exe
    1904 C:\Program Files\Gigabyte\EnergySaver2\des2svr.exe
    1956 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    2008 C:\Windows\System32\XSrvSetup.exe
    128 D:\programs\LogMeIn\x86\LMIGuardianSvc.exe
    284 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    532 C:\Windows\System32\PnkBstrA.exe
    576 C:\Windows\System32\PnkBstrB.exe
    708 C:\Program Files\Realtek\Smart Dual Lan\SDLService.exe
    828 C:\Windows\System32\svchost.exe
    2364 C:\Windows\System32\dwm.exe
    2396 C:\Windows\explorer.exe
    2644 C:\Windows\System32\taskhost.exe
    2892 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
    3304 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    3416 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    3428 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    3436 C:\Program Files\ESET\ESET Smart Security\egui.exe
    3472 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    3540 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    3616 D:\programs\LogMeIn\x86\LogMeInSystray.exe
    3628 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    3704 D:\Program Files\iTunes\iTunesHelper.exe
    3728 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    3752 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3784 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    3824 C:\Program Files\Windows Sidebar\sidebar.exe
    3916 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    2252 C:\Windows\System32\svchost.exe
    1040 C:\Program Files\iPod\bin\iPodService.exe
    2444 C:\Windows\System32\SearchIndexer.exe
    3780 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5196 C:\Windows\System32\SearchProtocolHost.exe
    2520 C:\Windows\System32\svchost.exe
    4184 WmiPrvSE.exe
    4044 C:\Windows\System32\svchost.exe
    2960 C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    3212 C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    1880 C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    4996 C:\Windows\System32\svchost.exe
    4556 C:\Windows\System32\audiodg.exe
    3040 C:\Windows\System32\SearchFilterHost.exe
    1768 MpCmdRun.exe
    4868 E:\downloads\MBRCheck.exe
    2904 C:\Windows\System32\conhost.exe
    5488 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`26c00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000003d`fad00000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  2. 2011/06/05
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I see you have P2P software (Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  4. 2011/06/05
    kravetzroman

    kravetzroman Inactive Thread Starter

    Joined:
    2011/06/04
    Messages:
    15
    Likes Received:
    0
    The last log:



    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-05 15:12:30
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5 SAMSUNG_HD103SJ rev.1AJ10001
    Running: 6bniq8q4.exe; Driver: C:\Users\Roman\AppData\Local\Temp\aglorpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83083569 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830A8092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? System32\Drivers\spdn.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9400E000, 0x331A84, 0xE8000020]
    .text USBPORT.SYS!DllUnload 9476BCA0 5 Bytes JMP 873C64E0
    .text a41gc1br.SYS 93775000 2 Bytes [44, E8]
    .text a41gc1br.SYS 93775003 9 Bytes [83, EE, E6, 00, 83, A0, C7, ...] {SUB ESI, -0x1a; ADD [EBX-0x7cff3860], AL}
    .text a41gc1br.SYS 9377500D 9 Bytes [C7, 00, 83, 48, EB, 00, 83, ...] {MOV DWORD [EAX], 0xeb4883; ADD DWORD [EAX], 0x0}
    .text a41gc1br.SYS 93775017 41 Bytes [00, DE, 27, B3, 8C, E6, 25, ...]
    .text a41gc1br.SYS 93775041 128 Bytes [86, 0A, 83, 60, 85, 0A, 83, ...]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtCreateFile + 6 77674876 4 Bytes [28, 00, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtCreateFile + B 7767487B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtMapViewOfSection + 6 77674ED6 1 Byte [28]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtMapViewOfSection + 6 77674ED6 4 Bytes [28, 03, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtMapViewOfSection + B 77674EDB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenFile + 6 77674F86 4 Bytes [68, 00, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenFile + B 77674F8B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenProcess + 6 77675036 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenProcess + B 7767503B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenProcessToken + B 7767504B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenProcessTokenEx + 6 77675056 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenProcessTokenEx + B 7767505B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenThread + 6 776750B6 4 Bytes [68, 01, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenThread + B 776750BB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenThreadToken + 6 776750C6 4 Bytes [68, 02, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenThreadToken + B 776750CB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtOpenThreadTokenEx + B 776750DB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtQueryAttributesFile + 6 776751E6 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtQueryAttributesFile + B 776751EB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtQueryFullAttributesFile + B 7767529B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtSetInformationFile + 6 776758E6 4 Bytes [28, 01, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtSetInformationFile + B 776758EB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtSetInformationThread + 6 77675946 4 Bytes [28, 02, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtSetInformationThread + B 7767594B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtUnmapViewOfSection + 6 77675C66 1 Byte [68]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtUnmapViewOfSection + 6 77675C66 4 Bytes [68, 03, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[1880] ntdll.dll!NtUnmapViewOfSection + B 77675C6B 1 Byte [E2]
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1956] kernel32.dll!SetUnhandledExceptionFilter 76CF3162 4 Bytes [C2, 04, 00, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + 6 77674876 4 Bytes [28, 00, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + B 7767487B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + 6 77674ED6 1 Byte [28]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + 6 77674ED6 4 Bytes [28, 03, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + B 77674EDB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + 6 77674F86 4 Bytes [68, 00, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + B 77674F8B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + 6 77675036 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + B 7767503B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + B 7767504B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + 6 77675056 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + B 7767505B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + 6 776750B6 4 Bytes [68, 01, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + B 776750BB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + 6 776750C6 4 Bytes [68, 02, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + B 776750CB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + B 776750DB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + 6 776751E6 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + B 776751EB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + B 7767529B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + 6 776758E6 4 Bytes [28, 01, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + B 776758EB 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + 6 77675946 4 Bytes [28, 02, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + B 7767594B 1 Byte [E2]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + 6 77675C66 1 Byte [68]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + 6 77675C66 4 Bytes [68, 03, 07, 00]
    .text C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + B 77675C6B 1 Byte [E2]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3824] SHELL32.dll!SHLoadInProc + 60D61 761801DA 1 Byte [6A]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8CA36042] \SystemRoot\System32\Drivers\spdn.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8CA366D6] \SystemRoot\System32\Drivers\spdn.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8CA36800] \SystemRoot\System32\Drivers\spdn.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8CA3613E] \SystemRoot\System32\Drivers\spdn.sys
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortNotification] 00147880
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortInitialize] 157B805E
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
    IAT \SystemRoot\System32\Drivers\a41gc1br.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\System32\XSrvSetup.exe[2008] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75725E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\XSrvSetup.exe[2008] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75725E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\XSrvSetup.exe[2008] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75725E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\XSrvSetup.exe[2008] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75725E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\XSrvSetup.exe[2008] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75725E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86BF31F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    Device \Driver\volmgr \Device\VolMgrControl 85F1E1F8
    Device \Driver\usbuhci \Device\USBPDO-2 873C71F8
    Device \Driver\usbehci \Device\USBPDO-3 87364500
    Device \Driver\usbuhci \Device\USBPDO-4 873C71F8
    Device \Driver\usbuhci \Device\USBPDO-5 873C71F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{FD8A1ABE-D97D-47D4-BC86-6FA3CB40602F} 871C9500
    Device \Driver\usbuhci \Device\USBPDO-6 873C71F8
    Device \Driver\volmgr \Device\HarddiskVolume1 85F1E1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\usbuhci \Device\USBPDO-7 873C71F8
    Device \Driver\ACPI_HAL \Device\00000071 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\volmgr \Device\HarddiskVolume2 85F1E1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\usbehci \Device\USBPDO-8 87364500
    Device \Driver\cdrom \Device\CdRom0 871211F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 86BF11F8
    Device \Driver\atapi \Device\Ide\IdePort0 86BF11F8
    Device \Driver\atapi \Device\Ide\IdePort1 86BF11F8
    Device \Driver\atapi \Device\Ide\IdePort2 86BF11F8
    Device \Driver\atapi \Device\Ide\IdePort3 86BF11F8
    Device \Driver\atapi \Device\Ide\IdePort4 86BF11F8
    Device \Driver\atapi \Device\Ide\IdePort5 86BF11F8
    Device \Driver\atapi \Device\Ide\IdePort6 86BF11F8
    Device \Driver\atapi \Device\Ide\IdePort7 86BF11F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5 86BF11F8
    Device \Driver\volmgr \Device\HarddiskVolume3 85F1E1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\volmgr \Device\HarddiskVolume4 85F1E1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\volmgr \Device\HarddiskVolume5 85F1E1F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\NetBT \Device\NetBt_Wins_Export 871C9500
    Device \Driver\USBSTOR \Device\000000aa 871A11F8
    Device \Driver\USBSTOR \Device\000000ab 871A11F8
    Device \Driver\usbuhci \Device\USBFDO-0 873C71F8
    Device \Driver\usbuhci \Device\USBFDO-1 873C71F8
    Device \Driver\sptd \Device\4073106368 spdn.sys
    Device \Driver\usbuhci \Device\USBFDO-2 873C71F8
    Device \Driver\usbehci \Device\USBFDO-3 87364500
    Device \Driver\PCI_PNP2367 \Device\0000007c spdn.sys
    Device \Driver\usbuhci \Device\USBFDO-4 873C71F8
    Device \Driver\usbuhci \Device\USBFDO-5 873C71F8
    Device \Driver\usbuhci \Device\USBFDO-6 873C71F8
    Device \Driver\usbuhci \Device\USBFDO-7 873C71F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D04BD8B0-B922-41C3-9999-B99BCC90AF35} 871C9500
    Device \Driver\a41gc1br \Device\Scsi\a41gc1br1 874171F8
    Device \Driver\usbehci \Device\USBFDO-8 87364500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Shares@\xf88d\5\x5c0\5א\5װ\5 CSCFlags=2048?MaxUses=4294967295?Path=E:\?????Permissions=0?Remark=?ShareName=?????Type=0?
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Shares@י\5\xf88d\5ט\5\xf88d\5\xf891\5 CSCFlags=2048?MaxUses=4294967295?Path=E:\??????Permissions=0?Remark=?ShareName=??????Type=0?
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Shares@ב\5ט\5\x5f4\5\xf88d\5\xf891\5 CSCFlags=2048?MaxUses=4294967295?Path=E:\??????Permissions=0?Remark=?ShareName=??????Type=0?
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\programs\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x52 0xE6 0xBB ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB8 0xFC 0x1B 0x2F ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x4C 0xF2 0x08 ...
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Shares@\xf88d\5\x5c0\5א\5װ\5 CSCFlags=2048?MaxUses=4294967295?Path=E:\?????Permissions=0?Remark=?ShareName=?????Type=0?
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Shares@י\5\xf88d\5ט\5\xf88d\5\xf891\5 CSCFlags=2048?MaxUses=4294967295?Path=E:\??????Permissions=0?Remark=?ShareName=??????Type=0?
    Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Shares@ב\5ט\5\x5f4\5\xf88d\5\xf891\5 CSCFlags=2048?MaxUses=4294967295?Path=E:\??????Permissions=0?Remark=?ShareName=??????Type=0?
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\programs\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x52 0xE6 0xBB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB8 0xFC 0x1B 0x2F ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x4C 0xF2 0x08 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\Temp\TMP0000009361CD8EF53ACD3BD0 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  5. 2011/06/05
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Please don't put QUOTE tags around your logs!
     
  6. 2011/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".
     
  7. 2011/06/05
    kravetzroman

    kravetzroman Inactive Thread Starter

    Joined:
    2011/06/04
    Messages:
    15
    Likes Received:
    0
    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7600
    Number of processors #4
    ==============================================
    >Drivers
    ==============================================
    0x9323B000 C:\Windows\system32\DRIVERS\atikmdag.sys 6422528 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
    0x8301E000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
    0x8301E000 PnpManager 4259840 bytes
    0x8301E000 RAW 4259840 bytes
    0x8301E000 WMIxWDM 4259840 bytes
    0x9442F000 C:\Windows\system32\drivers\RTKVHDA.sys 2969600 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x9AA90000 Win32k 2404352 bytes
    0x9AA90000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8D239000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
    0x8CE3C000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
    0x8CA84000 PCI_PNP7567 995328 bytes
    0x8CA84000 C:\Windows\System32\Drivers\spka.sys 995328 bytes
    0x8CA84000 sptd 995328 bytes
    0x99E0D000 C:\Windows\system32\DRIVERS\eamon.sys 835584 bytes (ESET, Amon monitor)
    0x9385B000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8D024000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
    0x83702000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
    0xA1215000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x99F45000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x93AD5000 C:\Windows\system32\DRIVERS\AF15BDA.sys 495616 bytes (ITETech , AF9015 BDA Driver )
    0x8362F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x8CA05000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x92A39000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
    0x8CD1E000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
    0x91E3A000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xA1333000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
    0xA12E4000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x9AD40000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x93975000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8CC13000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8CBA6000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x93A0B000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x836C0000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
    0x94773000 C:\Windows\system32\DRIVERS\BrSerIb.sys 266240 bytes (Brother Industries Ltd., Brother MFC Serial Interface Driver(WDM))
    0x91F48000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x92AF6000 C:\Windows\system32\DRIVERS\atikmpag.sys 262144 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
    0x8D3BC000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8D0DB000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x93B8C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x92B92000 C:\Windows\System32\Drivers\atrhn9j8.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x93912000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
    0x8342E000 ACPI_HAL 225280 bytes
    0x8342E000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x8CCD9000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8CDB6000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8D156000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
    0x91E94000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8D382000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x93A8D000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8D20C000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
    0x92B36000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
    0x8CF6B000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x837C6000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x8CB80000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x8D199000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8D119000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
    0x93200000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
    0x8CCAD000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x99EF3000 C:\Windows\system32\DRIVERS\epfw.sys 143360 bytes (ESET, ESET Personal Firewall driver)
    0x93B69000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x91FB2000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x939CF000 C:\Windows\system32\DRIVERS\nusb3xhc.sys 139264 bytes (NEC Electronics Corporation, USB 3.0 Host Controller Driver)
    0xA12B6000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
    0x92AC3000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8CE00000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0xA138A000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
    0x8D000000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x9394B000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x91ECD000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x93A6F000 C:\Windows\system32\drivers\AtiHdmi.sys 122880 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
    0x9AD20000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8CFC0000 C:\Windows\system32\DRIVERS\ehdrv.sys 118784 bytes (ESET, ESET Helper driver)
    0x8CC73000 C:\Windows\system32\DRIVERS\jraid.sys 110592 bytes (JMicron Technology Corp., JMicron JMB36X RAID Driver)
    0x93B4E000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x93BC7000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x91EFA000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
    0x99ED9000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x99FCA000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x93ABC000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
    0x92A9D000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x92B7A000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
    0x92B62000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
    0x92A00000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x91FD4000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x91E00000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x91E17000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8CD94000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
    0x94740000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0x94417000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0x8CC8E000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
    0x947CC000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
    0x8CF96000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x99F26000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x91F17000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x92BEC000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
    0x92AE4000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
    0x99FE3000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8D188000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x94725000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
    0x8CD0D000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x93A5E000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x83600000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
    0x836A7000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x99F16000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8D13E000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
    0x91F2A000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
    0x83611000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
    0x93A4F000 C:\Windows\system32\DRIVERS\nusb3hub.sys 61440 bytes (NEC Electronics Corporation, USB 3.0 Hub Driver)
    0x939C0000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x92AB5000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
    0x93BE2000 C:\Windows\system32\DRIVERS\epfwwfp.sys 57344 bytes (ESET, ESET Personal Firewall driver)
    0x91EEC000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8CD86000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x8CC65000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8CFA9000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
    0x91F3A000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
    0x8CDEA000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x94762000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
    0x8CA76000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x837AD000 C:\Windows\System32\drivers\xaqj.sys 57344 bytes
    0x92BD4000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
    0x94704000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x939F3000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x947B4000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x91FEC000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
    0xA12D7000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8CE21000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x91FA6000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
    0x94400000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
    0x99F39000 C:\Windows\system32\DRIVERS\RtNdPt60.sys 49152 bytes (Windows (R) Codename Longhorn DDK provider, NDIS User mode I/O Driver)
    0x8CFDD000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x94711000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x92BE1000 C:\Windows\system32\DRIVERS\Epfwndis.sys 45056 bytes (ESET, ESET Personal Firewall NDIS filter)
    0x947C1000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x9440C000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
    0x947E6000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x8CD7B000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x92A18000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8CDAB000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x94757000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
    0x9396A000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x837BB000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
    0x94736000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x99E00000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
    0x91F93000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x91F89000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x92A23000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
    0xA12AC000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x9322B000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
    0x8CCD0000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
    0x8CCA4000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0xA13B8000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x9471C000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
    0x91F9D000 C:\Windows\system32\DRIVERS\EIO.sys 36864 bytes (ASUSTeK Computer Inc., ASUS VGA Kernel Mode Driver)
    0x8CFB7000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x947F1000 C:\Windows\system32\DRIVERS\point32.sys 36864 bytes (Microsoft Corporation, Point32k.sys)
    0x9ACF0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8D3B3000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
    0x92BCB000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x8CB77000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x836B8000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8D14E000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
    0x80B9B000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
    0x8CBEE000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8CE2E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8CFE9000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
    0x8CFF1000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
    0x8D200000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x8D1F7000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x947DF000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x8D1F0000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x99FF5000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
    0x8CC5E000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x91EC6000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
    0x93225000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xA13AB000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0x8D208000 C:\Windows\system32\speedfan.sys 16384 bytes (Almico Software, Speed Fan x32 Driver)
    0x91F14000 C:\Windows\system32\drivers\atkkbnt.sys 12288 bytes (ASUSTeK COMPUTER INC., ASUS Help driver For Keyboard Service.)
    0x947FA000 C:\Windows\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
    0x94770000 C:\Windows\system32\DRIVERS\BrUsbSIb.sys 12288 bytes (Brother Industries Ltd., Brother MFC Serial USB Driver(WDM))
    0xA1385000 C:\Windows\gdrv.sys 12288 bytes (Windows (R) 2000 DDK provider, GIGABYTE Tools)
    0x93235000 C:\Windows\System32\Drivers\Video3D32.sys 12288 bytes (ASUSTeK COMPUTER INC., ASUS Video3D driver)
    0x99FFC000 D:\programs\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
    0xA1388000 C:\Program Files\Realtek\Smart Dual Lan\rtkio.sys 8192 bytes (Windows (R) Codename Longhorn DDK provider, Realtek IODriver)
    0x93239000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x939F1000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0x8D3FB000 C:\Windows\system32\giveio.sys 4096 bytes
    0x93238000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
    0x85EFE1F8 unknown_irp_handler 3592 bytes
    0x85EFC1F8 unknown_irp_handler 3592 bytes
    0x873DC1F8 unknown_irp_handler 3592 bytes
    0x85EFD1F8 unknown_irp_handler 3592 bytes
    0x874831F8 unknown_irp_handler 3592 bytes
    0x870E51F8 unknown_irp_handler 3592 bytes
    0x85EFA1F8 unknown_irp_handler 3592 bytes
    0x8892A1F8 unknown_irp_handler 3592 bytes
    0x871D0470 unknown_irp_handler 2960 bytes
    0x87A0C500 unknown_irp_handler 2816 bytes
    0x873E9500 unknown_irp_handler 2816 bytes
    ==============================================
    >Stealth
    ==============================================
    0x872E9F13 Unknown page with executable code, 237 bytes
    WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
    0x871F9DA4 Unknown page with executable code, 604 bytes
    0x87201D46 Unknown page with executable code, 698 bytes
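    For readers following this thread, here is an added triage helper (my own example, not part of the original posts and not a tool from this forum) that parses the ">Drivers" section of a Rootkit Unhooker report like the one above and points out the entries a malware analyst would look at first: loaded modules for which RkU printed no vendor/description, and "unknown_irp_handler" entries, which are IRP handlers not backed by any listed module. It groups lines by base address, because RkU lists the same kernel image under several aliases (ntkrnlpa.exe, PnpManager, RAW, WMIxWDM all at 0x8301E000), so an alias is not flagged when another line at the same address is attributed. The sample lines are copied from the posted report; the regular expression and the grouping rule are my assumptions about the report format, not documented RkU behaviour.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the RkU report posted above.
# Format assumed: "<base> <name or path> <size> bytes [(vendor, description)]".
SAMPLE_REPORT = r"""
0x8301E000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x8301E000 PnpManager 4259840 bytes
0x8301E000 RAW 4259840 bytes
0x8301E000 WMIxWDM 4259840 bytes
0x8CA84000 PCI_PNP7567 995328 bytes
0x8CA84000 C:\Windows\System32\Drivers\spka.sys 995328 bytes
0x8CA84000 sptd 995328 bytes
0x837AD000 C:\Windows\System32\drivers\xaqj.sys 57344 bytes
0x8D3FB000 C:\Windows\system32\giveio.sys 4096 bytes
0xA13AB000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x85EFE1F8 unknown_irp_handler 3592 bytes
0x871D0470 unknown_irp_handler 2960 bytes
"""

# Non-greedy name group so paths containing spaces still parse; the
# "(vendor, description)" suffix is optional because RkU omits it for
# modules it cannot attribute.
LINE_RE = re.compile(r"^(0x[0-9A-Fa-f]+)\s+(.+?)\s+(\d+)\s+bytes(?:\s+\((.*)\))?\s*$")


def parse_rku_drivers(text):
    """Parse '>Drivers' lines into dicts; lines that don't match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        base, name, size, info = m.groups()
        vendor = desc = None
        if info:
            # Only presence of a vendor matters for triage; vendors that
            # themselves contain commas are split imprecisely, which is fine here.
            vendor, _, desc = info.partition(",")
            vendor, desc = vendor.strip(), desc.strip()
        entries.append({"base": int(base, 16), "name": name,
                        "size": int(size), "vendor": vendor, "desc": desc})
    return entries


def triage(entries):
    """Return (unattributed_modules, irp_handler_count).

    Entries sharing a base address are aliases of one image; the group is
    flagged only if none of its lines carries vendor information.
    """
    by_base = defaultdict(list)
    for e in entries:
        by_base[e["base"]].append(e)

    flagged, irp_handlers = [], 0
    for base, group in sorted(by_base.items()):
        if any(e["name"] == "unknown_irp_handler" for e in group):
            irp_handlers += 1
            continue
        if any(e["vendor"] for e in group):
            continue  # at least one alias at this base is attributed
        # Prefer the on-disk path over a bare alias name when reporting.
        paths = [e["name"] for e in group if "\\" in e["name"]]
        flagged.append(paths[0] if paths else group[0]["name"])
    return flagged, irp_handlers


if __name__ == "__main__":
    modules, irp = triage(parse_rku_drivers(SAMPLE_REPORT))
    print("Unattributed modules (review first):")
    for m in modules:
        print("  ", m)
    print("unknown_irp_handler entries:", irp)
```

Run against the sample it reports spka.sys, xaqj.sys and giveio.sys as unattributed and counts two unknown IRP handlers; on the full report above the same code lists every driver RkU could not attribute, which is the short list a helper would cross-check against the ComboFix and GMER output rather than the several hundred Microsoft-signed lines.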
     
  8. 2011/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2011/06/05
    kravetzroman

    kravetzroman Inactive Thread Starter

    Joined:
    2011/06/04
    Messages:
    15
    Likes Received:
    0
    ComboFix 11-06-05.02 - Roman 06/05/2011 20:53:19.1.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1255.972.1033.18.3579.2463 [GMT 3:00]
    Running from: c:\users\Roman\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
    SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-05 17:57 . 2011-06-05 17:57 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2011-06-05 17:57 . 2011-06-05 17:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-05 17:05 . 2011-06-05 17:05 14336 ----a-w- c:\windows\system32\drivers\EIO.sys
    2011-06-05 12:56 . 2011-06-05 17:19 -------- d-----w- c:\program files\SpeedFan
    2011-06-05 11:13 . 2011-06-05 11:13 -------- d-----w- c:\users\Roman\AppData\Roaming\Malwarebytes
    2011-06-05 11:12 . 2011-05-29 06:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-05 11:12 . 2011-06-05 11:12 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-05 11:12 . 2011-06-05 11:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-05 11:12 . 2011-05-29 06:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-04 18:15 . 2011-06-04 18:15 -------- d-----w- C:\Backreg
    2011-06-04 18:10 . 2011-06-04 18:10 2 --shatr- c:\windows\winstart.bat
    2011-06-04 18:10 . 2011-06-05 10:52 -------- d-----w- c:\program files\UnHackMe
    2011-06-04 12:36 . 2010-08-04 02:21 6096384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-06-04 11:53 . 2011-06-04 11:53 -------- d-----w- C:\symbols
    2011-06-04 11:47 . 2011-06-04 11:47 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
    2011-06-04 11:47 . 2011-06-04 11:47 -------- d-----w- c:\program files\Microsoft Help Viewer
    2011-06-04 11:45 . 2011-06-04 11:45 -------- d-----w- c:\program files\Application Verifier
    2011-06-04 11:44 . 2011-06-04 11:44 -------- d-----w- c:\windows\symbols
    2011-06-04 11:44 . 2011-06-04 11:44 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2011-06-04 11:40 . 2011-06-04 11:40 -------- d-----w- c:\program files\Microsoft SDKs
    2011-06-01 23:35 . 2011-06-01 23:35 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2011-06-01 23:35 . 2011-06-01 23:35 845632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-06-01 10:18 . 2011-06-01 10:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-18 08:39 . 2011-05-18 08:39 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2011-05-18 08:36 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-16 10:31 . 2011-05-16 10:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-05-11 14:54 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 14:54 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-05 17:17 . 2010-06-18 11:11 17488 ----a-w- c:\windows\gdrv.sys
    2011-06-05 13:11 . 2010-06-18 09:57 17488 ----a-w- c:\windows\etdrv.sys
    2011-06-05 13:11 . 2010-06-18 09:57 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2011-04-19 23:43 . 2011-04-19 23:43 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys.old
    2011-04-19 23:09 . 2011-04-19 23:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-19 23:09 . 2010-02-10 09:17 676864 ----a-w- c:\windows\system32\aticfx32.dll
    2011-04-19 23:07 . 2011-04-19 23:07 17693184 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-19 23:05 . 2011-04-19 23:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-19 23:04 . 2010-08-03 22:51 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-04-19 23:04 . 2010-08-03 22:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-04-19 23:02 . 2011-04-19 23:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-04-19 23:02 . 2010-08-03 22:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-19 23:02 . 2011-04-19 23:02 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-19 23:02 . 2011-04-19 23:02 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-04-19 23:02 . 2011-04-19 23:02 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-19 22:59 . 2010-02-10 09:19 4161536 ----a-w- c:\windows\system32\atidxx32.dll
    2011-04-19 22:46 . 2011-04-19 22:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-19 22:46 . 2011-04-19 22:46 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-19 22:42 . 2011-04-19 22:42 6389760 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-19 22:40 . 2011-04-19 22:40 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-04-19 22:38 . 2011-04-19 22:38 4286464 ----a-w- c:\windows\system32\atiumdag.dll
    2011-04-19 22:30 . 2011-04-19 22:30 4056576 ----a-w- c:\windows\system32\atiumdva.dll
    2011-04-19 22:27 . 2010-10-27 00:14 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-04-19 22:23 . 2010-08-03 22:16 262144 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-19 22:22 . 2011-04-19 22:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-04-19 22:22 . 2011-04-19 22:22 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-04-19 22:22 . 2011-04-19 22:22 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-04-19 22:21 . 2010-08-03 22:15 31232 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-04-19 22:21 . 2011-01-26 19:12 29184 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-04-19 22:21 . 2011-04-19 22:21 37376 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-04-19 22:20 . 2011-04-19 22:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-19 22:13 . 2011-04-19 22:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-19 22:13 . 2011-04-19 22:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-13 12:02 . 2011-04-13 12:02 40984 ----a-w- c:\windows\system32\drivers\point32.sys
    2011-04-11 07:04 . 2011-05-06 03:29 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F588DD6-E48C-4660-B2EB-600678AC7DEC}\mpengine.dll
    2011-04-08 20:02 . 2011-04-08 20:02 390656 ----a-w- c:\windows\system32\ipcoin815.dll
    2011-04-06 13:20 . 2011-04-06 13:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 13:20 . 2011-04-06 13:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 13:20 . 2011-04-06 13:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 13:20 . 2011-04-06 13:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-11 05:40 . 2011-04-14 17:35 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:40 . 2011-04-14 17:35 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-08 05:38 . 2011-04-14 17:35 740864 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-06-17 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
    [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"="c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{51aa88bd-c5dc-4215-bc71-101db3672d14}"="c:\program files\www.sClient.net\prxtbwww..dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{51aa88bd-c5dc-4215-bc71-101db3672d14}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51aa88bd-c5dc-4215-bc71-101db3672d14}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\www.sClient.net\prxtbwww..dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 10:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"="c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"="c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{51aa88bd-c5dc-4215-bc71-101db3672d14}"="c:\program files\www.sClient.net\prxtbwww..dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{51aa88bd-c5dc-4215-bc71-101db3672d14}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"="c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{51AA88BD-C5DC-4215-BC71-101DB3672D14}"="c:\program files\www.sClient.net\prxtbwww..dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{51aa88bd-c5dc-4215-bc71-101db3672d14}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "LogMeIn GUI"="d:\programs\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-28 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
    DSLAGENT.EXE PCI [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-06-19 21:18 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 09:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- d:\programs\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
    2006-11-01 12:50 2154496 ----a-w- c:\program files\GameFace Messenger\GameFace.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-06-17 21:47 136176 ----atw- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
    2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2010-01-27 09:22 63048 ----a-w- d:\programs\LogMeIn\x86\LogMeInSystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 12:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2006-06-15 09:36 229376 ----a-w- d:\programs\nokia\Nokia PC Suite 6\LaunchApplication.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    2006-06-27 13:21 1449984 ----a-w- d:\programs\nokia\Nokia PC Suite 6\PcSync2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- d:\programs\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-01-13 18:26 1242448 ----a-w- d:\steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 08:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-05-25 16:08 37888 ----a-w- c:\program files\Winamp\winampa.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2009-08-06 65536]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-19 1029456]
    R2 SDLService;SDLService;c:\program files\Realtek\Smart Dual Lan\SDLService.exe [2009-10-23 77824]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
    R3 cpuz130;cpuz130;c:\users\Roman\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-06-05 17488]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-01 691696]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 176128]
    S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\Gigabyte\EnergySaver2\des2svr.exe [2009-06-17 68136]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
    S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-09-11 38240]
    S2 LMIGuardianSvc;LMIGuardianSvc;d:\programs\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;d:\programs\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-19 243712]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 58240]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 136704]
    S3 rtkio;rtkio;c:\program files\Realtek\Smart Dual Lan\rtkio.sys [2009-06-20 5760]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BLACKBOX
    *NewlyCreated* - GIVEIO
    *NewlyCreated* - SPEEDFAN
    *Deregistered* - BlackBox
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:18]
    .
    2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160025120-2155131995-4151893724-1000Core.job
    - c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-17 21:47]
    .
    2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160025120-2155131995-4151893724-1000UA.job
    - c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-17 21:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{FD8A1ABE-D97D-47D4-BC86-6FA3CB40602F}: NameServer = 10.0.0.138
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-ACMON - c:\program files\ASUS\Splendid\ACMON.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-ASUSGamerOSD - c:\program files\ASUS\GamerOSD\GamerOSD.exe
    MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
    MSConfigStartUp-GsiFinal - gspndll.dll
    MSConfigStartUp-{8C647655-A24E-2255-CE72-4F86D27B58AE} - c:\users\Roman\AppData\Roaming\213wwer\12323.exe
    MSConfigStartUp-{9D71D88C-C598-4935-C5D1-43AA4DB90836} - c:\users\Roman\AppData\Roaming\msnger\msnger.exe
    AddRemove-BitTorrent - d:\bittorrent\bittorrent.exe
    AddRemove-Steam App 10 - e:\steam\steam.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-06-05 20:58:29
    ComboFix-quarantined-files.txt 2011-06-05 17:58
    .
    Pre-Run: 22,889,771,008 bytes free
    Post-Run: 23,614,824,448 bytes free
    .
    - - End Of File - - A2150C4D708C9391BA0229C9FDDCE89C
     
  10. 2011/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll | c:\windows\System32\user32.dll
    
    File::
    c:\windows\winstart.bat
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  11. 2011/06/05
    kravetzroman

    kravetzroman Inactive Thread Starter

    Joined:
    2011/06/04
    Messages:
    15
    Likes Received:
    0
    ComboFix 11-06-05.02 - Roman 06/05/2011 21:22:40.2.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1255.972.1033.18.3579.2186 [GMT 3:00]
    Running from: c:\users\Roman\Desktop\ComboFix.exe
    Command switches used :: c:\users\Roman\Desktop\CFScript.txt
    AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
    SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\winstart.bat"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\winstart.bat
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-05 18:26 . 2011-06-05 18:26 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2011-06-05 18:26 . 2011-06-05 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-05 17:05 . 2011-06-05 17:05 14336 ----a-w- c:\windows\system32\drivers\EIO.sys
    2011-06-05 12:56 . 2011-06-05 17:19 -------- d-----w- c:\program files\SpeedFan
    2011-06-05 11:13 . 2011-06-05 11:13 -------- d-----w- c:\users\Roman\AppData\Roaming\Malwarebytes
    2011-06-05 11:12 . 2011-05-29 06:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-05 11:12 . 2011-06-05 11:12 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-05 11:12 . 2011-06-05 11:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-05 11:12 . 2011-05-29 06:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-04 18:15 . 2011-06-04 18:15 -------- d-----w- C:\Backreg
    2011-06-04 18:10 . 2011-06-05 10:52 -------- d-----w- c:\program files\UnHackMe
    2011-06-04 12:36 . 2010-08-04 02:21 6096384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-06-04 11:53 . 2011-06-04 11:53 -------- d-----w- C:\symbols
    2011-06-04 11:47 . 2011-06-04 11:47 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
    2011-06-04 11:47 . 2011-06-04 11:47 -------- d-----w- c:\program files\Microsoft Help Viewer
    2011-06-04 11:45 . 2011-06-04 11:45 -------- d-----w- c:\program files\Application Verifier
    2011-06-04 11:44 . 2011-06-04 11:44 -------- d-----w- c:\windows\symbols
    2011-06-04 11:44 . 2011-06-04 11:44 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2011-06-04 11:40 . 2011-06-04 11:40 -------- d-----w- c:\program files\Microsoft SDKs
    2011-06-01 23:35 . 2011-06-01 23:35 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2011-06-01 23:35 . 2011-06-01 23:35 845632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-06-01 10:18 . 2011-06-01 10:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-18 08:39 . 2011-05-18 08:39 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2011-05-18 08:36 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-16 10:31 . 2011-05-16 10:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-05-11 14:54 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-05-11 14:54 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-05 18:01 . 2010-06-18 11:11 17488 ----a-w- c:\windows\gdrv.sys
    2011-06-05 13:11 . 2010-06-18 09:57 17488 ----a-w- c:\windows\etdrv.sys
    2011-06-05 13:11 . 2010-06-18 09:57 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2011-04-19 23:43 . 2011-04-19 23:43 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys.old
    2011-04-19 23:09 . 2011-04-19 23:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-19 23:09 . 2010-02-10 09:17 676864 ----a-w- c:\windows\system32\aticfx32.dll
    2011-04-19 23:07 . 2011-04-19 23:07 17693184 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-19 23:05 . 2011-04-19 23:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-19 23:04 . 2010-08-03 22:51 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-04-19 23:04 . 2010-08-03 22:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-04-19 23:02 . 2011-04-19 23:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-04-19 23:02 . 2010-08-03 22:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-19 23:02 . 2011-04-19 23:02 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-19 23:02 . 2011-04-19 23:02 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-04-19 23:02 . 2011-04-19 23:02 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-19 22:59 . 2010-02-10 09:19 4161536 ----a-w- c:\windows\system32\atidxx32.dll
    2011-04-19 22:46 . 2011-04-19 22:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-19 22:46 . 2011-04-19 22:46 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-19 22:42 . 2011-04-19 22:42 6389760 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-19 22:40 . 2011-04-19 22:40 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-04-19 22:38 . 2011-04-19 22:38 4286464 ----a-w- c:\windows\system32\atiumdag.dll
    2011-04-19 22:30 . 2011-04-19 22:30 4056576 ----a-w- c:\windows\system32\atiumdva.dll
    2011-04-19 22:27 . 2010-10-27 00:14 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-04-19 22:23 . 2010-08-03 22:16 262144 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-19 22:22 . 2011-04-19 22:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-04-19 22:22 . 2011-04-19 22:22 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-04-19 22:22 . 2011-04-19 22:22 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-04-19 22:21 . 2010-08-03 22:15 31232 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-04-19 22:21 . 2011-01-26 19:12 29184 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-04-19 22:21 . 2011-04-19 22:21 37376 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-04-19 22:20 . 2011-04-19 22:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-19 22:13 . 2011-04-19 22:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-19 22:13 . 2011-04-19 22:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-13 12:02 . 2011-04-13 12:02 40984 ----a-w- c:\windows\system32\drivers\point32.sys
    2011-04-11 07:04 . 2011-05-06 03:29 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F588DD6-E48C-4660-B2EB-600678AC7DEC}\mpengine.dll
    2011-04-08 20:02 . 2011-04-08 20:02 390656 ----a-w- c:\windows\system32\ipcoin815.dll
    2011-04-06 13:20 . 2011-04-06 13:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 13:20 . 2011-04-06 13:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 13:20 . 2011-04-06 13:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 13:20 . 2011-04-06 13:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-11 05:40 . 2011-04-14 17:35 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:40 . 2011-04-14 17:35 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-08 05:38 . 2011-04-14 17:35 740864 ----a-w- c:\windows\system32\inetcomm.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"="c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{51aa88bd-c5dc-4215-bc71-101db3672d14}"="c:\program files\www.sClient.net\prxtbwww..dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{51aa88bd-c5dc-4215-bc71-101db3672d14}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51aa88bd-c5dc-4215-bc71-101db3672d14}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\www.sClient.net\prxtbwww..dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 10:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"="c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"="c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
    "{51aa88bd-c5dc-4215-bc71-101db3672d14}"="c:\program files\www.sClient.net\prxtbwww..dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{51aa88bd-c5dc-4215-bc71-101db3672d14}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"="c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
    "{51AA88BD-C5DC-4215-BC71-101DB3672D14}"="c:\program files\www.sClient.net\prxtbwww..dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{51aa88bd-c5dc-4215-bc71-101db3672d14}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "LogMeIn GUI"="d:\programs\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-28 113664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
    DSLAGENT.EXE PCI [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-06-19 21:18 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 09:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- d:\programs\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
    2006-11-01 12:50 2154496 ----a-w- c:\program files\GameFace Messenger\GameFace.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-06-17 21:47 136176 ----atw- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
    2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2010-01-27 09:22 63048 ----a-w- d:\programs\LogMeIn\x86\LogMeInSystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 12:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    2006-06-15 09:36 229376 ----a-w- d:\programs\nokia\Nokia PC Suite 6\LaunchApplication.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    2006-06-27 13:21 1449984 ----a-w- d:\programs\nokia\Nokia PC Suite 6\PcSync2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- d:\programs\PowerISO\PWRISOVM.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-01-13 18:26 1242448 ----a-w- d:\steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 08:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-05-25 16:08 37888 ----a-w- c:\program files\Winamp\winampa.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2009-08-06 65536]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-19 1029456]
    R2 SDLService;SDLService;c:\program files\Realtek\Smart Dual Lan\SDLService.exe [2009-10-23 77824]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
    R3 cpuz130;cpuz130;c:\users\Roman\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-06-05 17488]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-17 1343400]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-01 691696]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 176128]
    S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\Gigabyte\EnergySaver2\des2svr.exe [2009-06-17 68136]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
    S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-09-11 38240]
    S2 LMIGuardianSvc;LMIGuardianSvc;d:\programs\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;d:\programs\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-19 243712]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 58240]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 136704]
    S3 rtkio;rtkio;c:\program files\Realtek\Smart Dual Lan\rtkio.sys [2009-06-20 5760]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RTKIO
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:18]
    .
    2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160025120-2155131995-4151893724-1000Core.job
    - c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-17 21:47]
    .
    2011-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160025120-2155131995-4151893724-1000UA.job
    - c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-17 21:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: Interfaces\{FD8A1ABE-D97D-47D4-BC86-6FA3CB40602F}: NameServer = 10.0.0.138
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-06-05 21:27:48
    ComboFix-quarantined-files.txt 2011-06-05 18:27
    ComboFix2.txt 2011-06-05 17:58
    .
    Pre-Run: 23,557,206,016 bytes free
    Post-Run: 23,259,283,456 bytes free
    .
    - - End Of File - - D97A16A4B3363236ACF3AD1FF060EDD5
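The R2/S2/S3 lines in the ComboFix log above are what the analyst reads for orphaned or oddly placed service images. As an added example, not part of this thread or of ComboFix, here is a small Python triage helper that parses those lines and flags the ones worth a second look; it assumes that ComboFix's trailing `[x]` means the image file was not found, the flagging rules are my own heuristics (prompts to look, not verdicts), and the sample log is copied from the post above.

```python
"""Triage helper for the service/driver section of a ComboFix log.

Added example (not part of the thread or of ComboFix). SAMPLE_LOG is
copied from the ComboFix output posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One ComboFix service/driver line has the shape
#   <start type> <service name>;<display name>;<image path> [<date> <size>]
# e.g.  S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-01 691696]
# A trailing "[x]" is read here as "image file not found" (assumption).
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Locations a standard user can write to: a service or kernel driver
# loading from here is not necessarily malicious, but it is unusual.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# Where Windows keeps its own kernel drivers (heuristic, not a rule).
DRIVER_DIR = "\\system32\\drivers\\"

SAMPLE_LOG = r"""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2009-08-06 65536]
R3 cpuz130;cpuz130;c:\users\Roman\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-06-05 17488]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-01 691696]
S2 LMIInfo;LogMeIn Kernel Information Provider;d:\programs\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 rtkio;rtkio;c:\program files\Realtek\Smart Dual Lan\rtkio.sys [2009-06-20 5760]
"""


@dataclass
class ServiceEntry:
    start: str          # start type as ComboFix labels it (R2, S3, ...)
    name: str           # service key name
    display: str        # display name
    path: str           # image path
    file_present: bool  # False when ComboFix printed "[x]"
    date: Optional[str] = None
    size: Optional[int] = None


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = ServiceEntry(m["start"], m["name"], m["display"], m["path"], True)
    meta = m["meta"].split()
    if meta == ["x"]:
        entry.file_present = False
    elif len(meta) == 2 and meta[1].isdigit():
        entry.date, entry.size = meta[0], int(meta[1])
    return entry


def parse_log(text: str) -> List[ServiceEntry]:
    """All service/driver entries in a ComboFix log, in log order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entry: ServiceEntry) -> List[str]:
    """Reasons this entry deserves a second look (empty list = none)."""
    p = entry.path.lower()
    reasons = []
    if not entry.file_present:
        reasons.append("image file not found: orphaned service entry")
    if any(frag in p for frag in USER_WRITABLE):
        reasons.append("image loads from a user-writable location")
    if p.endswith(".sys") and DRIVER_DIR not in p:
        reasons.append("kernel driver outside system32\\drivers")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """(service name, reasons) for every flagged entry, in log order."""
    flagged = []
    for entry in parse_log(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG):
        print(f"{name}: " + "; ".join(reasons))
```

On the sample, cpuz130 collects all three flags (missing file, user Temp folder, driver outside the drivers directory), while etdrv, LMIInfo and rtkio are flagged only as drivers living outside system32\drivers.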
     
  12. 2011/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well.

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2011/06/05
    kravetzroman

    kravetzroman Inactive Thread Starter

    Joined:
    2011/06/04
    Messages:
    15
    Likes Received:
    0
    OTL Extras logfile created on: 05/06/2011 21:36:43 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Roman\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

    3.50 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 65.22% Memory free
    6.99 Gb Paging File | 5.68 Gb Available in Paging File | 81.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 52.51 Gb Total Space | 21.72 Gb Free Space | 41.37% Space Free | Partition Type: NTFS
    Drive D: | 195.31 Gb Total Space | 95.90 Gb Free Space | 49.10% Space Free | Partition Type: NTFS
    Drive E: | 683.59 Gb Total Space | 389.37 Gb Free Space | 56.96% Space Free | Partition Type: NTFS

    Computer Name: ROMAN-PC | User Name: Roman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20535ABD-7D5E-472E-9077-6AF48480DD82}" = ASUS GameOSD Utility
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
    "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
    "{3008CE00-F04D-47B6-B5DB-E11F7593754D}" = sClient+ Anti-Cheat
    "{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
    "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
    "{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    "{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
    "{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
    "{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7320
    "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A31C596-64D5-4613-83FD-D655A421588C}" = ESET Smart Security
    "{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514)
    "{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
    "{5494AFBC-3EC2-463A-BD6C-EAFB62EB6EE9}_is1" = AIFF MP3 Converter v3.2 build 977
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5D8A40E9-8E59-3761-98DE-2C9F7303FA17}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
    "{60F063BE-732B-3E02-9574-63F81F057A8B}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
    "{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
    "{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
    "{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    "{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
    "{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
    "{8DA83EA6-E731-4722-958D-613399AE1033}" = Nero 7 Essentials
    "{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-040D-0000-0000000FF1CE}" = חבילת תאימות עבור מהדורת 2007 של מערכת Office
    "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99367836-0A29-4EC8-88DB-CA774E5F93BA}_is1" = iPhone Tunnel Suite v3.0
    "{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
    "{9BD3BC83-C14A-4C54-A5FB-F43D93D5E4EF}" = Nokia Connectivity Cable Driver
    "{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
    "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CE2A7D92-D766-30A9-B195-C4772EE2695F}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E1B34BF3-6333-47DC-AD85-D89A95829478}" = Nokia PC Suite
    "{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
    "{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F20D402D-BBE3-C212-9B9E-07ECAFB4D3C0}" = ATI Catalyst Install Manager
    "{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage
    "{F7E9794B-D60F-CDE4-CEB8-CE695180C179}" = Catalyst Control Center InstallProxy
    "{FB238A00-FB43-49C8-8955-6F1F430944B7}" = Smart Dual Lan
    "{FE455A1D-A1A1-43F0-AAF2-3AA45845A054}" = LangOver 5.0
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Audacity_is1" = Audacity 1.2.6
    "BlazeDTV 6.0_is1" = BlazeDTV 6.0
    "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
    "conduitEngine" = Conduit Engine
    "GameFace_Messenger" = GameFace Messenger
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
    "InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "Just Cause 2_is1" = Just Cause 2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "PowerISO" = PowerISO
    "PunkBusterSvc" = PunkBuster Services
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "SpeedFan" = SpeedFan (remove only)
    "StarCraft II" = StarCraft II
    "Steam App 13140" = America's Army 3
    "Steam App 5" = Dedicated Server
    "TLN eMule Booster MOD" = TLN eMule Booster MOD
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "Winamp" = Winamp
    "Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.6.1
    "WinRAR archiver" = WinRAR archiver
    "www.sClient.net Toolbar" = www.sClient.net Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-160025120-2155131995-4151893724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 17/03/2011 16:43:51 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:43:51.373]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 17/03/2011 16:43:52 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:43:52.377]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 17/03/2011 16:43:53 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:43:53.381]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 17/03/2011 16:43:54 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:43:54.385]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 17/03/2011 16:43:55 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:43:55.388]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 17/03/2011 16:43:56 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:43:56.392]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 17/03/2011 16:43:57 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:43:57.396]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 17/03/2011 16:43:58 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:43:58.400]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 17/03/2011 16:43:59 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:43:59.404]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    Error - 17/03/2011 16:44:00 | Computer Name = Roman-PC | Source = Brother BrLog | ID = 1001
    Description = STI BrtSTI: [2011/03/17 22:44:00.408]: [00002356]: CUsbScnDev: DeviceIoControl
    Illegal response

    [ System Events ]
    Error - 05/06/2011 13:53:15 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/06/2011 13:55:13 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/06/2011 13:57:42 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/06/2011 14:00:34 | Computer Name = Roman-PC | Source = DCOM | ID = 10010
    Description =

    Error - 05/06/2011 14:22:20 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7034
    Description = The JMB36X service terminated unexpectedly. It has done this 1 time(s).

    Error - 05/06/2011 14:22:20 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7034
    Description = The SDLService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 05/06/2011 14:22:21 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/06/2011 14:24:51 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/06/2011 14:27:02 | Computer Name = Roman-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 05/06/2011 14:30:06 | Computer Name = Roman-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
     
  14. 2011/06/05
    kravetzroman

    kravetzroman Inactive Thread Starter

    Joined:
    2011/06/04
    Messages:
    15
    Likes Received:
    0
    OTL logfile created on: 05/06/2011 21:36:43 - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Roman\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040d | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

    3.50 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 65.22% Memory free
    6.99 Gb Paging File | 5.68 Gb Available in Paging File | 81.21% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 52.51 Gb Total Space | 21.72 Gb Free Space | 41.37% Space Free | Partition Type: NTFS
    Drive D: | 195.31 Gb Total Space | 95.90 Gb Free Space | 49.10% Space Free | Partition Type: NTFS
    Drive E: | 683.59 Gb Total Space | 389.37 Gb Free Space | 56.96% Space Free | Partition Type: NTFS

    Computer Name: ROMAN-PC | User Name: Roman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/05 21:35:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
    PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- D:\programs\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2010/06/20 00:18:00 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/06/20 00:17:54 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/04/02 11:10:58 | 001,212,416 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
    PRC - [2010/01/27 12:22:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\programs\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2009/10/31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/23 08:46:20 | 000,077,824 | R--- | M] () -- C:\Program Files\Realtek\Smart Dual Lan\SDLService.exe
    PRC - [2009/10/21 07:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2009/09/11 07:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2009/08/06 08:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\System32\XSrvSetup.exe
    PRC - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\System32\ASDR.exe
    PRC - [2009/07/14 04:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/07 16:29:58 | 000,282,624 | ---- | M] (BlazeVideo Company) -- C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
    PRC - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EnergySaver2\des2svr.exe
    PRC - [2009/03/30 16:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    PRC - [2006/09/29 10:01:06 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Windows\ATKKBService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/05 21:35:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
    MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011/03/18 21:18:57 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- D:\programs\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\programs\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- D:\programs\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/06/20 00:17:54 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/06/18 00:31:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/10/23 08:46:20 | 000,077,824 | R--- | M] () [Auto | Running] -- C:\Program Files\Realtek\Smart Dual Lan\SDLService.exe -- (SDLService)
    SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2009/08/06 08:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\System32\XSrvSetup.exe -- (JMB36X)
    SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASDR.exe -- (ASDR)
    SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EnergySaver2\des2svr.exe -- (DES2 Service)
    SRV - [2006/09/29 10:01:06 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\ATKKBService.exe -- (ATKKeyboardService)
    SRV - [2006/06/05 13:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/05 21:31:00 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2011/06/05 20:05:58 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
    DRV - [2011/06/05 16:11:24 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
    DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/12/18 14:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
    DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/08/04 05:21:42 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2010/07/15 15:47:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
    DRV - [2010/07/01 22:15:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/06/22 04:11:00 | 000,493,312 | ---- | M] (ITETech ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
    DRV - [2010/05/06 12:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2010/04/12 11:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\programs\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2009/10/29 11:14:32 | 000,099,440 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
    DRV - [2009/10/26 18:19:02 | 000,136,704 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV - [2009/10/26 18:19:00 | 000,058,240 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
    DRV - [2009/09/11 07:26:26 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
    DRV - [2009/09/11 07:26:20 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
    DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 03:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
    DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 01:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
    DRV - [2009/06/20 08:57:08 | 000,005,760 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\Realtek\Smart Dual Lan\rtkio.sys -- (rtkio)
    DRV - [2009/06/19 09:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2009/02/17 18:22:14 | 000,030,976 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
    DRV - [2009/02/17 18:22:14 | 000,015,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asusgsb.sys -- (asusgsb)
    DRV - [2008/05/02 10:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2007/12/11 05:50:20 | 000,027,648 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV - [2007/04/03 14:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
    DRV - [2007/04/03 14:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
    DRV - [2007/04/03 14:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
    DRV - [2007/04/03 14:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/03 14:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
    DRV - [2007/04/03 14:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
    DRV - [2007/04/03 14:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
    DRV - [2006/10/31 15:55:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\Windows\System32\drivers\atkkbnt.sys -- (asuskbnt)
    DRV - [2006/09/29 10:06:26 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Video3D32.sys -- (Video3D)
    DRV - [1996/04/03 22:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {51aa88bd-c5dc-4215-bc71-101db3672d14} - C:\Program Files\www.sClient.net\prxtbwww..dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he-IL
    IE - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 E6 42 0E CB 0C CC 01 [binary data]
    IE - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\..\URLSearchHook: {51aa88bd-c5dc-4215-bc71-101db3672d14} - C:\Program Files\www.sClient.net\prxtbwww..dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/06/18 01:24:17 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/06/05 21:26:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (www.sClient.net Toolbar) - {51aa88bd-c5dc-4215-bc71-101db3672d14} - C:\Program Files\www.sClient.net\prxtbwww..dll (Conduit Ltd.)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (www.sClient.net Toolbar) - {51aa88bd-c5dc-4215-bc71-101db3672d14} - C:\Program Files\www.sClient.net\prxtbwww..dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\..\Toolbar\WebBrowser: (www.sClient.net Toolbar) - {51AA88BD-C5DC-4215-BC71-101DB3672D14} - C:\Program Files\www.sClient.net\prxtbwww..dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [LogMeIn GUI] D:\programs\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-160025120-2155131995-4151893724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
    Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.wmv3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - xvidvfw.dll File not found


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/05 21:35:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
    [2011/06/05 21:27:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/05 20:52:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/05 20:52:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/05 20:52:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/05 20:51:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/05 20:49:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/05 20:49:18 | 004,112,084 | R--- | C] (Swearware) -- C:\Users\Roman\Desktop\ComboFix.exe
    [2011/06/05 20:09:45 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
    [2011/06/05 20:05:58 | 000,014,336 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\System32\drivers\EIO.sys
    [2011/06/05 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
    [2011/06/05 15:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
    [2011/06/05 14:13:05 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Malwarebytes
    [2011/06/05 14:12:59 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/06/05 14:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/05 14:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/06/05 14:12:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/06/05 14:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/06/04 21:15:55 | 000,000,000 | ---D | C] -- C:\Backreg
    [2011/06/04 21:10:12 | 000,000,000 | ---D | C] -- C:\Users\Roman\Documents\RegRun2
    [2011/06/04 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
    [2011/06/04 14:53:23 | 000,000,000 | ---D | C] -- C:\symbols
    [2011/06/04 14:47:14 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
    [2011/06/04 14:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit
    [2011/06/04 14:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
    [2011/06/04 14:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
    [2011/06/04 14:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
    [2011/06/04 14:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
    [2011/06/04 14:44:45 | 000,000,000 | ---D | C] -- C:\Windows\symbols
    [2011/06/04 14:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
    [2011/06/04 14:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
    [2011/06/04 14:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
    [2011/05/18 11:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
    [2011/05/18 11:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2011/05/16 13:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/05/16 13:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
    [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/05 21:36:58 | 000,647,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/06/05 21:36:58 | 000,386,828 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
    [2011/06/05 21:36:58 | 000,118,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/06/05 21:36:58 | 000,081,270 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
    [2011/06/05 21:35:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe
    [2011/06/05 21:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/05 21:30:53 | 2814,877,696 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/05 21:29:03 | 000,004,608 | ---- | M] () -- C:\6XSourceFilter.grf
    [2011/06/05 21:26:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/06/05 21:22:02 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-160025120-2155131995-4151893724-1000UA.job
    [2011/06/05 20:51:44 | 004,112,084 | R--- | M] (Swearware) -- C:\Users\Roman\Desktop\ComboFix.exe
    [2011/06/05 20:05:58 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\System32\drivers\EIO.sys
    [2011/06/05 17:22:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-160025120-2155131995-4151893724-1000Core.job
    [2011/06/05 16:11:12 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
    [2011/06/05 15:56:08 | 000,000,965 | ---- | M] () -- C:\Users\Roman\Desktop\SpeedFan.lnk
    [2011/06/05 15:56:07 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
    [2011/06/05 14:12:59 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/04 21:10:13 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/06/04 21:10:13 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
    [2011/06/04 15:38:02 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/04 15:38:02 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/03 02:13:23 | 000,001,258 | ---- | M] () -- C:\Users\Roman\Desktop\Magnify (2).lnk
    [2011/06/03 02:12:42 | 000,001,250 | ---- | M] () -- C:\Users\Roman\Desktop\On-Screen Keyboard (2).lnk
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/05/25 23:17:25 | 000,002,359 | ---- | M] () -- C:\Users\Roman\Desktop\Google Chrome.lnk
    [2011/05/19 13:11:30 | 000,001,103 | ---- | M] () -- C:\Users\Roman\Application Data\Microsoft\Internet Explorer\Quick Launch\הפעל את Microsoft Office Outlook.lnk
    [2011/05/19 13:04:34 | 000,450,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/05/07 18:22:42 | 000,001,407 | ---- | M] () -- C:\Users\Roman\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/05/07 15:46:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2011/05/07 15:43:42 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/05 21:29:03 | 000,004,608 | ---- | C] () -- C:\6XSourceFilter.grf
    [2011/06/05 20:52:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/05 20:52:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/05 20:52:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/05 20:52:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/05 20:52:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/05 15:56:08 | 000,000,965 | ---- | C] () -- C:\Users\Roman\Desktop\SpeedFan.lnk
    [2011/06/05 14:12:59 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/03 02:13:23 | 000,001,258 | ---- | C] () -- C:\Users\Roman\Desktop\Magnify (2).lnk
    [2011/06/03 02:12:42 | 000,001,250 | ---- | C] () -- C:\Users\Roman\Desktop\On-Screen Keyboard (2).lnk
    [2011/05/07 15:46:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/03/10 19:25:06 | 000,000,366 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\GPU Monitor_Settings.ini
    [2011/03/05 16:31:25 | 000,000,600 | ---- | C] () -- C:\Users\Roman\AppData\Local\PUTTY.RND

    ========== LOP Check ==========

    [2010/06/18 14:33:43 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\213wwer
    [2011/03/18 00:11:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\BitTorrent
    [2010/12/11 14:09:31 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\CAD-KAS
    [2010/08/27 21:21:45 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Command and Conquer 4
    [2010/07/01 22:21:25 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\DAEMON Tools Lite
    [2010/06/18 01:24:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ESET
    [2010/06/18 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\msnger
    [2010/07/20 18:30:43 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
    [2010/07/20 18:29:00 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
    [2010/10/15 20:08:43 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC-FAX TX
    [2010/08/20 22:32:05 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Red Alert 3
    [2010/10/15 20:08:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ScanSoft
    [2010/06/19 15:38:43 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
    [2011/05/29 02:21:40 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\uTorrent
    [2010/09/02 20:34:58 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Win7codecs
    [2010/10/15 20:08:55 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Zeon
    [2010/06/19 17:32:27 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    [2011/06/05 20:42:32 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/28 14:13:41 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/06/05 21:29:03 | 000,004,608 | ---- | M] () -- C:\6XSourceFilter.grf
    [2011/06/05 21:30:53 | 000,089,315 | ---- | M] () -- C:\aaw7boot.log
    [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/06/05 21:27:48 | 000,019,500 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/11 00:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/06/18 00:11:41 | 000,000,199 | ---- | M] () -- C:\csb.log
    [2011/06/05 14:36:19 | 000,019,706 | ---- | M] () -- C:\debuglog.txt
    [2011/06/05 21:30:53 | 2814,877,696 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/18 00:11:30 | 000,000,169 | ---- | M] () -- C:\Install.log
    [2011/06/05 21:30:53 | 3753,172,992 | -HS- | M] () -- C:\pagefile.sys
    [2010/06/18 00:10:47 | 000,002,013 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 07:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 07:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 07:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 07:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 00:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 04:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2010/12/08 14:11:52 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\LMIproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2009/07/14 04:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 07:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/07 18:22:42 | 000,000,221 | -HS- | M] () -- C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/05 20:51:44 | 004,112,084 | R--- | M] (Swearware) -- C:\Users\Roman\Desktop\ComboFix.exe
    [2011/06/05 21:35:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 00:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/04 18:54:57 | 000,000,402 | -HS- | M] () -- C:\Users\Roman\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/05 21:32:16 | 000,146,122 | ---- | M] () -- C:\ProgramData\LmeUSB.log
    [2010/06/18 20:54:43 | 000,000,143 | ---- | M] () -- C:\ProgramData\LmeZJSW.log
    [2011/06/05 21:32:16 | 000,146,126 | ---- | M] () -- C:\ProgramData\LSDmbTH.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  15. 2011/06/05
    broni Moderator Malware Analyst
    I can't continue, because you didn't say:
     
  16. 2011/06/05
    kravetzroman Inactive Thread Starter
    I don't see anything different.
     
  17. 2011/06/05
    broni Moderator Malware Analyst
    Are you still getting any BSODs?
     
  18. 2011/06/06
    kravetzroman Inactive Thread Starter
    First of all, I want to thank you for your help.
    Second, so far no BSODs at all, but sometimes I get a BSOD after a day or two, and not every day.

    If there is a BSOD I will let you know in a reply here.

    And again, thanks a lot!!!
     
  19. 2011/06/06
    broni Moderator Malware Analyst
    Very well :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    OTL log looks clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click the Start Scanner button.
    • Click the Free scan now button.
    • Allow the browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  20. 2011/06/06
    kravetzroman Inactive Thread Starter
    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Smart Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Adobe Flash Player 10.3.181.14
    Adobe Reader X (10.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  21. 2011/06/06
    kravetzroman Inactive Thread Starter
    QuickScan Beta 32-bit v0.9.9.96
    -------------------------------
    Scan date: Mon Jun 06 22:38:29 2011
    Machine ID: AA3E8717



    No infection found.
    -------------------



    Processes
    ---------
    Ad-Aware Tray Application 4444 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    Brother Status Monitor Application 3564 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    Brother Status Monitor Application 3428 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    Control Center 3 3508 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    ESET Smart Security 3016 C:\Program Files\ESET\ESET Smart Security\egui.exe
    Google Chrome 2536 C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    Google Chrome 3372 C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    Google Chrome 5004 C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    Google Chrome 5132 C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    iTunes 3688 D:\Program Files\iTunes\iTunesHelper.exe
    Java(TM) Platform SE Auto Updater 2 0 3948 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Malwarebytes' Anti-Malware 3768 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    Microsoft IntelliPoint 3996 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    Microsoft IntelliPoint 3704 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    Microsoft® Windows® Operating System 4028 C:\Program Files\Windows Sidebar\sidebar.exe
    Microsoft® Windows® Operating System 2484 C:\Windows\explorer.exe
    PaperPort 3128 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    Realtek HD Audio Manager 2992 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    USB 3.0 Monitor 3000 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    Windows® Search 4696 C:\Windows\System32\SearchProtocolHost.exe

    (verified) LogMeIn 3536 D:\programs\LogMeIn\x86\LogMeInSystray.exe
    (verified) Microsoft® Windows® Operating System 2448 C:\Windows\System32\dwm.exe
    (verified) Microsoft® Windows® Operating System 2360 C:\Windows\System32\taskhost.exe


    Network activity
    ----------------



    Autoruns and critical files
    ---------------------------
    Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Brother Status Monitor Application C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    ControlCenter C:\Program Files\Brother\ControlCenter3\brctrcen.exe
    ESET Smart Security C:\Program Files\ESET\ESET Smart Security\egui.exe
    iTunes D:\Program Files\iTunes\iTunesHelper.exe
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
    PaperPort C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    PaperPort C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    QuickTime C:\Program Files\QuickTime\QTTask.exe
    Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    SSBkgdUpdate C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
    SSEreg C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe
    USB 3.0 Monitor C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    Windows® Internet Explorer c:\windows\system32\webcheck.dll
    (verified) Google Update C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe
    (verified) LogMeIn D:\programs\LogMeIn\x86\LogMeInSystray.exe
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


    Browser plugins
    ---------------
    AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    BitDefender QuickScan C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.96_0\npqscan.dll
    Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    Conduit Toolbar c:\program files\conduitengine\conduitengine.dll
    Conduit Toolbar c:\program files\utorrentbar\tbutor.dll
    Conduit Toolbar c:\program files\www.sclient.net\prxtbwww..dll
    Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    Google Update C:\Users\Roman\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
    Java(TM) Platform SE 6 U25 c:\program files\java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U25 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    npitunes.dll D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    Windows® Internet Explorer C:\Windows\System32\ieframe.dll
    (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
    (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


    Scan
    ----
    MD5: 631289583481c45c7342efd57442b738 C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
    MD5: 4c0a4fefd62519552c0e5171f418c4bc C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    MD5: 846965ae55a2662b1576c0f392dd1d6e C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
    MD5: fbfe36b870595b771284e0b2199f51c2 C:\Program Files\Common Files\Steam\SteamService.exe
    MD5: d9a0ce26ada5bd15b1b03a752ddf14a6 c:\program files\conduitengine\conduitengine.dll
    MD5: 764eeb4bca87921a629bbc52de421e8e C:\Program Files\ESET\ESET Smart Security\egui.exe
    MD5: 9d7113489dac78f11900128b1cd57c19 C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll
    MD5: dd9c0794bc1b8c0ad8aa90acc17e7d8b C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll
    MD5: 23ce24b183cb677ffb1a6b525f489acd C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll
    MD5: 8536973b658705f7bbe70f170fc753e0 C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll
    MD5: a8e13dbda2f37913a64ea4099316e565 C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll
    MD5: 3b9eb198660f72d9701fcff6f0982600 C:\Program Files\ESET\ESET Smart Security\eguiScan.dll
    MD5: bccf37f76ab19ac0b2baa2b87ea78607 C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll
    MD5: 28be3c618c9aa4e9c5cd8ac422559421 C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll
    MD5: 7e5c9009d28fe0f2cde2b8df47472a06 C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    MD5: fddad27e9a20d0dac04facbf67afbfc1 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    MD5: fdc0c5adde1cde6edb0bef78f0699af3 C:\Program Files\Gigabyte\EnergySaver2\des2svr.exe
    MD5: 5e947691097ba0a9aa4b8e44a4b9feb0 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files\Internet Explorer\ieproxy.dll
    MD5: 0bf28e777209ef48ad215c809ad2cbb5 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    MD5: ca9d4b998bff311a539604ed87318fa0 C:\Program Files\iPod\bin\iPodService.exe
    MD5: ec48890b04d283371dc2cadac40ad5b5 c:\program files\java\jre6\bin\jp2ssv.dll
    MD5: ed5394c852ae873d5a67e14e8049881d C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    MD5: b30f37242dd1c640dd5c770ff5b378ae C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    MD5: 0b85e5d913d862e57abb4f9721b14d74 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
    MD5: 2487c45b64790fc210547919f18fac71 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    MD5: f06ca6475b7a538db9dc3f7b896b97e4 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    MD5: 84271ba3b94323704f00730b7e6caeef C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
    MD5: ec60491a5ff57700f10fe0403f7dcad4 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    MD5: 1a54348c1d59f366ba72c35903e8260d C:\Program Files\Microsoft IntelliPoint\Components\Commands\dpghnt\dpghnt.dll
    MD5: 5b679243a1255e1a8dbc95073c7ff1cb C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll
    MD5: 5abcf162537dc0c1a11750635137adf1 C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll
    MD5: 45c83c7dd96195529f1463d004c976d3 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    MD5: 9ddb8818eb2fd47cdbe8c8dc71ab74b2 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    MD5: d78a4bd68293b65e04165933acee7114 C:\Program Files\Microsoft IntelliPoint\ipres.dll
    MD5: d12f3638bc6cbf449f535b89ed8c3e11 C:\Program Files\Microsoft IntelliPoint\srres.dll
    MD5: 8e151a2a185daf9852322028abe55534 C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    MD5: 21ba9b0831f4d7f278f5e82363e94f96 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
    MD5: 08b438a5a06cd877f19b92f6868c031d C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    MD5: 0d01287d85b3715fa8270e8ec919b7f7 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll
    MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts
    MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\QTTask.exe
    MD5: 782217a862d7ee776d994c5f80def67b C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    MD5: 64a36bb3d4d95420f063302e4999d4ee C:\Program Files\Realtek\Smart Dual Lan\rtkio.sys
    MD5: 8043d88ccdeced8dd10ccc667ac9c52a C:\Program Files\Realtek\Smart Dual Lan\SDLService.exe
    MD5: 521df626a1247df167cf061d02af30dc C:\Program Files\ScanSoft\PaperPort\BindRes.dll
    MD5: e2bf206e5164569500742637b5459402 C:\Program Files\ScanSoft\PaperPort\blicectr.dll
    MD5: be72c212b14fc8f872a70c6c311d0529 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    MD5: da9dc15a4f6705df7acf45e387c610ff C:\Program Files\ScanSoft\PaperPort\MaxRes.dll
    MD5: 57c13c4390d5a294ec0b1ffffdd23c3d C:\Program Files\ScanSoft\PaperPort\PPRecDiag.dll
    MD5: 27249f2a900032f3c2dfab8de8f16399 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    MD5: 1a3009363af0066b28fa144eaa3a2634 C:\Program Files\ScanSoft\PaperPort\XMAXUTIL.dll
    MD5: d9a0ce26ada5bd15b1b03a752ddf14a6 c:\program files\utorrentbar\tbutor.dll
    MD5: 77fbd400984cf72ba0fc4b3489d65f74 C:\Program Files\Windows Media Player\wmpnetwk.exe
    MD5: ea6eadf6314e43783ba8eee79f93f73c C:\Program Files\Windows Sidebar\sidebar.exe
    MD5: e1c1197d2202843f1cbafb449851c7f5 C:\Program Files\Windows Sidebar\wlsrvc.dll
    MD5: b92293778555ce3dabe7f0a7e98b34c0 c:\program files\www.sclient.net\prxtbwww..dll
    MD5: d15b465563c1b3b076381776d18935ad C:\Users\Roman\AppData\Local\Google\Chrome\Application\11.0.696.77\avcodec-52.dll
    MD5: 2bc1cbbdfb140311116122c9e5b94684 C:\Users\Roman\AppData\Local\Google\Chrome\Application\11.0.696.77\avformat-52.dll
    MD5: 63f8c0b4810def29c9941ff19e7fcd26 C:\Users\Roman\AppData\Local\Google\Chrome\Application\11.0.696.77\avutil-50.dll
    MD5: 9d4c25733ccdc9c705a083ef502b35ac C:\Users\Roman\AppData\Local\Google\Chrome\Application\11.0.696.77\chrome.dll
    MD5: b5969df9c8b2b149840dbf99d4c15e4f C:\Users\Roman\AppData\Local\Google\Chrome\Application\11.0.696.77\gears.dll
    MD5: adf430a97f039bc32d49680f429f8058 C:\Users\Roman\AppData\Local\Google\Chrome\Application\11.0.696.77\icudt46.dll
    MD5: 457c181cb240c0aaa96b17d5be883c58 C:\Users\Roman\AppData\Local\Google\Chrome\Application\11.0.696.77\pdf.dll
    MD5: f36394166b995361b860746f2231484c C:\Users\Roman\AppData\Local\Google\Chrome\Application\11.0.696.77\ppGoogleNaClPluginChrome.dll
    MD5: 44719515ef9d9b7d5d1fcbc204edf4c6 C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
    MD5: c8897b08b5a36b0d6712c434b3b83612 C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.96_0\npqscan.dll
    MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Users\Roman\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    MD5: 942889718d170da972e710f9bc1d7be5 C:\Users\Roman\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Network_Meter_V6.3.gadget\netlib.dll
    MD5: 37f1a2f1b1b7876ae6099ba4ee6c6d56 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dda6d8c7413334b605fcf590a702e9f1\Microsoft.VisualBasic.ni.dll
    MD5: 1661939dfef9495751601fc1a5a946d4 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
    MD5: a176025ac7f5b4568150dc1080de1d39 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9d054fc9618b81d5703af1662cd11135\System.Configuration.ni.dll
    MD5: 1d44211c58d1178eb66518c18622958d C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\167c8c3817ba1f48fe7396cc56f557e3\System.Xml.ni.dll
    MD5: 30ce301c8f874c45e857d0dace1e8eb8 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\50c67f851ae3df2d0ab7d86fd1c5c7e0\System.ni.dll
    MD5: ff5b32c1237c855556413fb34b98a4e1 C:\Windows\ATKKBService.exe
    MD5: 3f4413dcd8d3bbabf08f68f25e6d60e1 C:\Windows\Downloaded Program Files\isusweb.dll
    MD5: 1697c39978cd69f6fbc15302edcece1f C:\Windows\ehome\ehRecvr.exe
    MD5: 3af0ae042afe486b22644cd3fbebf2e2 C:\Windows\etdrv.sys
    MD5: d556cb79967e92b5cc69686d16c1d846 C:\Windows\gdrv.sys
    MD5: c12c6b2201af4e116ba10089ea5e2bd7 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
    MD5: c5b62807c0fd81ac1ed419faea666993 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
    MD5: 4b720cc508b4fb999a7bf0e6d84f73e1 C:\Windows\System32\ASDR.exe
    MD5: 0e4f5f276ac0dd50233fc4074cf30f8c C:\Windows\system32\aticfx32.dll
    MD5: 47164a8ff5856cb490760bda53eb4119 C:\Windows\system32\atidxx32.dll
    MD5: ebccbcbf1df132e4775e5d6e6dea3ed0 C:\Windows\system32\atiesrxx.exe
    MD5: a43f68d39403926b925d8238f956f530 C:\Windows\system32\atiuxpag.dll
    MD5: fabfc817547eabb19b74849cef410622 C:\Windows\system32\authui.dll
    MD5: 258154ed7dda83e2f201ef7103142e5e C:\Windows\system32\ConnAPI.DLL
    MD5: 7c5567a00456f3a3a07800ebb3f351c4 C:\Windows\system32\d2d1.dll
    MD5: c5f549970ac071ea452e58b6422c94fa C:\Windows\system32\d3d10_1.dll
    MD5: 029e2a480ce2020df097e535a2311712 C:\Windows\system32\d3d10_1core.dll
    MD5: 524408d5127f14b71e574d80f2f0924f C:\Windows\system32\D3D10Warp.dll
    MD5: 7fb5696ebcb8131ad2e2defe5f19c4b5 C:\Windows\System32\davclnt.dll
    MD5: 62390f4ace9e2b63e3ca26b7f7497897 C:\Windows\system32\DNSAPI.dll
    MD5: b15be77a2bacf9c3177d27518afe26a9 C:\Windows\System32\dnsrslvr.dll
    MD5: 7c1ecdedc0571763a36dd46c3638a87b C:\Windows\system32\DRIVERS\AF15BDA.sys
    MD5: b6e6b264e9c4d0ad0e97af8434c8754d C:\Windows\system32\drivers\asusgsb.sys
    MD5: 8df873d0587596c1d35a9cececc61da1 C:\Windows\system32\drivers\AtiHdmi.sys
    MD5: 7b4342936a3885cfe18e5d1df6d55bc5 C:\Windows\system32\drivers\AtihdW73.sys
    MD5: 8e6bf8e8b78ba958b30b0c0e83c86c87 C:\Windows\system32\DRIVERS\atikmdag.sys
    MD5: fb68e1b9cec598f0f69503f3aebb45dd C:\Windows\system32\DRIVERS\atikmpag.sys
    MD5: 409aafbd2642813f2c1bb446c816e354 C:\Windows\system32\drivers\ATKDispLowFilter.sys
    MD5: 5f82ef81858852bbfbe7d13efee2f281 C:\Windows\system32\drivers\atkkbnt.sys
    MD5: 9a5c671b7fbae4865149bb11f59b91b2 C:\Windows\system32\DRIVERS\bowser.sys
    MD5: 08c7e41ff10f56e83b4f10b5e8b1e8b6 C:\Windows\system32\DRIVERS\BrSerIb.sys
    MD5: 2132a117160f2a96a13c044ae9bced91 C:\Windows\system32\DRIVERS\BrUsbSIb.sys
    MD5: 1679a4669326cb1a67cc95658d273234 C:\Windows\System32\drivers\dxgkrnl.sys
    MD5: 30372bcc67d63bee538cdfeca755d81c C:\Windows\system32\DRIVERS\eamon.sys
    MD5: 6504d6afb75fef830dd99e8c4235d54d C:\Windows\system32\DRIVERS\ehdrv.sys
    MD5: 42584ec72495f4da1704123a20ac1012 C:\Windows\system32\DRIVERS\EIO.sys
    MD5: 86895d4413316becc2d7944d2749586c C:\Windows\system32\DRIVERS\epfw.sys
    MD5: 396ce762d1650387a2fe184e245fbba1 C:\Windows\system32\DRIVERS\epfwwfp.sys
    MD5: 689a8eef2a2d62b28a0a578a6196531c C:\Windows\system32\Drivers\GVTDrv.sys
    MD5: 484836413c2348244c8008c962240c8d C:\Windows\system32\DRIVERS\jraid.sys
    MD5: 3d2c13377763eeac0ca6fb46f57217ed C:\Windows\system32\drivers\mbam.sys
    MD5: b4c76ef46322a9711c7b0f4e21ef6ea5 C:\Windows\system32\DRIVERS\mrxsmb.sys
    MD5: e593d45024a3fdd11e93cc4a6ca91101 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    MD5: a9f86c82c9cc3b679cc3957e1183a30f C:\Windows\system32\DRIVERS\mrxsmb20.sys
    MD5: e079302fc304cc3f8d444d770c1275d9 C:\Windows\system32\DRIVERS\nusb3hub.sys
    MD5: 456f7262604f85746919823f592b303c C:\Windows\system32\DRIVERS\nusb3xhc.sys
    MD5: 7d7a9c17d5455203dea11e5ef886cc59 C:\Windows\system32\DRIVERS\point32.sys
    MD5: 5de4220dc9b74d155266fde5bcba9580 C:\Windows\system32\drivers\RTKVHDA.sys
    MD5: 7f8d15ee000577be703537849d4f9397 C:\Windows\system32\DRIVERS\RtNdPt60.sys
    MD5: 815445f4676cc96bc9aeec303c727e19 C:\Windows\system32\DRIVERS\s116bus.sys
    MD5: 333d1e0743e6de1779c3c418ac601c3a C:\Windows\system32\DRIVERS\s116mdfl.sys
    MD5: 50d6e5b021e9ec7553ab8a3553cc1b6b C:\Windows\system32\DRIVERS\s116mdm.sys
    MD5: 1589aa53e43f8d193a7d4d580d3ffa95 C:\Windows\system32\DRIVERS\s116mgmt.sys
    MD5: 306f85733671fe507470f0273025e768 C:\Windows\system32\DRIVERS\s116nd5.sys
    MD5: ec32601f04a5a5de89315d0f55e73d66 C:\Windows\system32\DRIVERS\s116obex.sys
    MD5: 32e3ecb4b2b5887426eaf241a8149cde C:\Windows\system32\DRIVERS\s116unic.sys
    MD5: 4a9b0f215de2519e2363f91df25c1e97 C:\Windows\System32\DRIVERS\srv.sys
    MD5: 14c44875518ae1c982e54ea8c5f7fe28 C:\Windows\System32\DRIVERS\srv2.sys
    MD5: 07a14223b0a50e76ade003fdf95d4fec C:\Windows\System32\DRIVERS\srvnet.sys
    MD5: d4fb6ecc60a428564ba8768b0e23c0fc C:\Windows\System32\Drivers\usbaapl.sys
    MD5: 88701eca76145e2c011c0eeff0f7b70e C:\Windows\system32\drivers\usbser.sys
    MD5: bb16932a4189e82d6c455042c11849b6 C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
    MD5: e748d50b3b2ec7f40a2ba67fb094cf01 C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
    MD5: 8643da4a6c83da6c10fcab1e5ab6632d C:\Windows\System32\Drivers\Video3D32.sys
    MD5: 60cc965a89e2072ebd26d63d5e1e1d18 C:\Windows\system32\dwmcore.dll
    MD5: c0523fe101a30e3821604fe1ca1740d7 C:\Windows\system32\DWrite.dll
    MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\System32\Dxtmsft.dll
    MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\System32\Dxtrans.dll
    MD5: 8898c95862d03d16b2a06db4db6bb6b2 C:\Windows\system32\EXPLORERFRAME.dll
    MD5: 151258fc2ec8c48bdf8a53350ae0a676 C:\Windows\system32\FntCache.dll
    MD5: 77ebf3e9386daa51551af429052d88d0 C:\Windows\system32\giveio.sys
    MD5: 8dd29072e90e9eab909d388d629248aa C:\Windows\System32\ieframe.dll
    MD5: d3f60bc53ff510b88b9acbc3f64fe922 C:\Windows\system32\iertutil.dll
    MD5: c45df7436e84c1aff4e85e828f69b849 C:\Windows\System32\jscript9.dll
    MD5: 33bec0ff1d70df55d4920132572e577f C:\Windows\system32\LMIRfsClientNP.dll
    MD5: 27fc75229eee367d4c0e643c108a90fa C:\Windows\System32\LocationApi.dll
    MD5: 67c04ffc699b37e1b15d702d723348bb C:\Windows\system32\Macromed\Flash\Flash10p.ocx
    MD5: 5aace82bcdb40634290930f93be745b7 C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    MD5: 4def8126cabaa6cdc12103cd74c6a919 C:\Windows\System32\mshtml.dll
    MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
    MD5: bd669749eaeff96773b5f8d0a43e0068 C:\Windows\System32\msxml3.dll
    MD5: 5f856156f709df40b42d36ae8a0f0695 C:\Windows\System32\msxml6.dll
    MD5: 3bbf9937cc8c58e8b418b01bddb8d43b C:\Windows\SYSTEM32\ntdll.dll
    MD5: e2c2d8c982316c8abf800c6ce3f28fab C:\Windows\system32\ole32.dll
    MD5: a07da8434b12b2cd0ad2994f05d1129e C:\Windows\system32\OLEAUT32.dll
    MD5: 2862a3819bbc9757dd27bac41a4e0a3e C:\Windows\System32\pnidui.dll
    MD5: a1dd33d16f277ce34124ee52ab2c0f14 C:\Windows\system32\PnkBstrA.exe
    MD5: 38cda1e493c6589910a3fbe81eccd354 C:\Windows\system32\PnkBstrB.exe
    MD5: 21cf5c7d8d727dcc337a1d251b6135f4 C:\Windows\system32\schannel.DLL
    MD5: df1e5c82e4d09cf8105cc644980c4803 C:\Windows\system32\schedsvc.dll
    MD5: d6626c93bf7f557839c028d32247f910 C:\Windows\System32\SensorsApi.dll
    MD5: 9f70cd5edcc4efc48ae21e04fb03be9d C:\Windows\system32\speedfan.sys
    MD5: d1bb750eb51694de183e08b9c33be5b2 C:\Windows\System32\spoolsv.exe
    MD5: 4c287f9069fedbd791178876ee9de536 C:\Windows\system32\sppsvc.exe
    MD5: 8f6bf790d3168224c16f2af68a84438c C:\Windows\System32\srvsvc.dll
    MD5: 8c7fe6b9559204765849bff308764fa5 C:\Windows\System32\SyncCenter.dll
    MD5: 04105c8da62353589c29bdaeb8d88bd8 C:\Windows\system32\sysmain.dll
    MD5: 21012407e8c74aa72bbb485b0fc197fe C:\Windows\system32\taskschd.dll
    MD5: aa5f4683a0c3c40d90377aa238a6f1b7 C:\Windows\system32\urlmon.dll
    MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\system32\vbscript.dll
    MD5: 7790b77fe1e5ee47dcc66247095bb4c9 C:\Windows\system32\wbengine.exe
    MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll
    MD5: bb5ec38f8d4600119b4720bc5d4211f1 C:\Windows\System32\webclnt.dll
    MD5: 4fb96aacf2f05c7357546becd7678863 C:\Windows\system32\webio.dll
    MD5: 9a6dedbe309aa0ce2c31ee6799b38e4f C:\Windows\System32\werconcpl.dll
    MD5: cc9bbcfc715fbedf7ae476106fe653e9 C:\Windows\system32\WINHTTP.dll
    MD5: a1236375b74ea63c75657d564890c436 C:\Windows\system32\WININET.dll
    MD5: 374b26395852a9092bde2e4c8d4d0c8d C:\Windows\System32\WSCAPI.dll
    MD5: a661a76333057b383a06e65f0073222f C:\Windows\system32\wscsvc.dll
    MD5: 7fd5532c142db6c9cc47aa4dcf71fdec C:\Windows\System32\wscui.cpl
    MD5: a33408cc036f9c08142b11be5e93f0a1 C:\Windows\system32\wuaueng.dll
    MD5: b4cda1b4263b53d249ac27a4892da634 C:\Windows\System32\XSrvSetup.exe
    MD5: 8d25a3bf9d0005d264f105414ae2cde6 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\MSVCP80.dll
    MD5: 0ef2917efd6d96e4c9cf121738cf5409 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\MSVCR80.dll
    MD5: e983dc6a5c218016252af33b6ca6bfcb C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_cbf62b764709d1c9\MFC80U.DLL
    MD5: e0b432f20fa54fa689949ac6dbc4c4ab C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\MSVCP90.dll
    MD5: 355fe68a41ec27c2a3d1a6e86a582820 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.5570_none_509463cabcb6ef2a\MSVCR90.dll
    MD5: d3ead1cf16ba729a7f7c9a5d94aa7c05 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.dll
    MD5: 4b8dd8541c0e26602005dd0137333615 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MD5: c37f4fa10f7468625e7acad98fab4465 D:\Program Files\iTunes\iTunesHelper.dll
    MD5: 638c728f21ccc7ec4f8517a212c34353 D:\Program Files\iTunes\iTunesHelper.exe
    MD5: f3d835ccc3db2083f09e7a1d2820407b D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
    MD5: 64ee2e5ab46a27eeffeadb76b34dbc76 D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
    MD5: 167235bfcb884d8b4d514767cb82fcef D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    MD5: f622a3c0c10a26c1dc789cdeb0b2a4eb D:\programs\LogMeIn\x86\LMIGuardianSvc.exe
    MD5: 432618fa75b61059d2c57d6a7e55147a D:\programs\LogMeIn\x86\LogMeIn.exe
    MD5: 6c5048b9b789cece052fc8d8efb1b691 D:\programs\LogMeIn\x86\LogMeInSystray.dll
    MD5: ce9e8bf4e9194b29767cda90f8bdc675 D:\programs\LogMeIn\x86\RaMaint.exe
    MD5: 63431ce5753c39f9adc9d00b4b046bff D:\programs\LogMeIn\x86\rntfywnd.dll
    MD5: 4f9c551c11b87c49646d07212bdf5843 D:\programs\nokia\Nokia PC Suite 6\Lang\PhoneBrowser_heb.nlr
    MD5: 6550787d16122f4989cfe1987a23543b D:\programs\nokia\Nokia PC Suite 6\PCSCM.dll
    MD5: ee72989bdac20cc914adef6a7bceedb9 D:\programs\nokia\Nokia PC Suite 6\PhoneBrowser.dll
    MD5: e008d9b45a8955ca37307fa0516d1475 D:\programs\nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr


    No file uploaded.

    Scan finished - communication took 2 sec
    Total traffic - 0.02 MB sent, 0.85 KB recvd
    Scanned 857 files and modules - 21 seconds

    ==============================================================================
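A small triage helper for the "MD5: <hash> <path>" listing in the log above, added here as an example (it is not part of the original post or of the scanner's own tooling). It parses that listing, groups entries by hash, and reports hashes whose copies live under more than one parent folder, which is the quickest way to spot one file shipped under several names or vendor directories. The sample lines are copied verbatim from the listing above; the helper function names are this example's own.

```python
"""Triage helper for a "MD5: <hash> <path>" file listing (added example).

Groups the listed files by hash so that identical bytes appearing under
different product folders are visible at a glance, and validates each hash
before using it as a lookup key.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One "MD5: <32 hex> <path>" entry per line. Paths may contain spaces, so the
# hash is matched strictly and the rest of the line is taken as the path.
_ENTRY = re.compile(r"^\s*MD5:\s+([0-9a-fA-F]{32})\s+(.+?)\s*$")


def parse_listing(text):
    """Return a list of (md5, path) tuples; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            entries.append((m.group(1).lower(), m.group(2)))
    return entries


def group_by_hash(entries):
    """Map md5 -> sorted list of distinct paths carrying that hash."""
    groups = defaultdict(set)
    for md5, path in entries:
        groups[md5].add(path)
    return {h: sorted(p) for h, p in groups.items()}


def shared_across_folders(groups):
    """Hashes whose copies sit in more than one parent folder (case-insensitive).

    Several copies of one plugin stub in the same folder (npqtplugin.dll ...
    npqtplugin7.dll) are normal; the same bytes under different product
    folders is what a helper would want to look at first.
    """
    flagged = {}
    for md5, paths in groups.items():
        parents = {str(PureWindowsPath(p).parent).lower() for p in paths}
        if len(parents) > 1:
            flagged[md5] = paths
    return flagged


# Constructed sample input: five entries copied from the listing above plus
# one non-entry line, to show that stray log text is ignored.
SAMPLE = r"""
    MD5: d9a0ce26ada5bd15b1b03a752ddf14a6 c:\program files\conduitengine\conduitengine.dll
    MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    MD5: d9a0ce26ada5bd15b1b03a752ddf14a6 c:\program files\utorrentbar\tbutor.dll
    MD5: 3bbf9937cc8c58e8b418b01bddb8d43b C:\Windows\SYSTEM32\ntdll.dll
    No file uploaded.
"""

if __name__ == "__main__":
    groups = group_by_hash(parse_listing(SAMPLE))
    for md5, paths in shared_across_folders(groups).items():
        print(md5)
        for p in paths:
            print("   ", p)
```

Run against the full listing, the only hash it flags is the one shared by conduitengine.dll and tbutor.dll; the seven npqtplugin copies collapse into one group in one folder and stay quiet. A shared hash is a prompt to look, not a verdict: MD5 is adequate as an index into a known-file database, but it is not collision resistant, so it should not be the only evidence that two files are the same binary.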
     
