mirkata Posted October 28, 2011

The SYSTEM RESTORE virus has completely locked up my computer: black screen, nothing in the Start menu, everything is empty, a total lockup, even Task Manager. The virus starts and tells me I am infected with various nasties and wants me to buy it; I get a message that my hard drive is partially damaged. I managed to run Avira, but it is no use at all. The Quick Launch bar is gone too, so I cannot start Malware antivirus, which would surely catch the nasty thing. I have not started in Safe Mode; I wanted to get proper instructions first. I wonder whether I should just reinstall right away, but I am not sure whether the hard drive has been damaged. I am writing from another computer now. My computer is an HP Compaq 2200 dx, Windows XP SP3, 2 GB RAM, 160 GB hard drive, P4. Please help.
mirkata Posted October 28, 2011

Additional information: I managed to get into Safe Mode; everything had been changed and all partitions, folders, etc. were hidden. I managed to run Malwarebytes antivirus. The first time it found 7 viruses, the second time 1, and the third time 0. Although I destroyed the viruses, the situation is dire; clearly I am heading for a reinstall. I am waiting for further instructions.
Night_Raven Posted October 29, 2011

Download OTL and save it to the desktop:
- start the tool;
- tick Scan All Users at the top;
- in the Standard Registry box choose All;
- from the File Age drop-down menu choose 90 Days;
- also tick: Skip Microsoft Files, LOP Check and Purity Check;
- in the Custom Scans/Fixes box (at the bottom of the program) paste the following text (select it, press Ctrl+C and then press Ctrl+V in the OTL box):

netsvcs
netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop

- click the Run Scan button;

Wait for the scan to finish. When it ends, the two files newly created on the desktop, OTL.txt and Extras.txt, will open automatically. Please attach these two files (separately or in an archive) to your next comment.
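A first pass over the Processes, Modules and Services lines of the OTL.txt that this scan produces, as an added example that is not part of the original post or of OTL itself: it flags entries that combine an empty company field, an image sitting directly in a profile data directory, and a modification time close to the scan. The sample lines, `SCAN_TIME`, the scoring threshold and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from ntpath import dirname  # Windows path rules, regardless of the host OS

# Layout of an OTL entry: KIND - [mtime | size | attrs | M] (company) [state] -- path -- (service)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
    r"(?P<attrs>\S+) \| [MC]\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[[^\]]*\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<service>[^()]*)\))?$"
)

# Directories where a program image sitting directly in the root is unusual.
DATA_ROOTS = (r"\application data", r"\local settings\temp")


@dataclass
class Entry:
    kind: str
    modified: datetime
    attrs: str      # recorded but not scored: in this thread every file had been hidden
    company: str
    path: str


def parse_line(line):
    """Return an Entry for a PRC/MOD/SRV/DRV line, or None (e.g. 'File not found')."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m["kind"],
        modified=datetime.strptime(m["mtime"], "%Y.%m.%d %H:%M:%S"),
        attrs=m["attrs"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def reasons(entry, scan_time, recent_days=7):
    """List the independent signals that make an entry worth a closer look."""
    found = []
    if not entry.company:
        found.append("no company name")
    if dirname(entry.path).lower().endswith(DATA_ROOTS):
        found.append("image in data-directory root")
    if timedelta(0) <= scan_time - entry.modified <= timedelta(days=recent_days):
        found.append("modified shortly before scan")
    return found


def triage(log_text, scan_time, min_reasons=2):
    """Map each suspicious path to its reasons; one signal alone is not reported."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons(entry, scan_time)
        if len(why) >= min_reasons:
            findings.setdefault(entry.path, why)  # PRC and MOD often repeat an image
    return findings


# Constructed sample in OTL's line layout; none of these values come from a real log.
SCAN_TIME = datetime(2012, 3, 10, 9, 15, 0)
SAMPLE_LOG = r"""
PRC - [2012.03.10 09:12:40 | 000,500,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\OTL.exe
PRC - [2012.03.09 22:05:11 | 000,310,272 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Xq7TbLm2PwRz9.exe
PRC - [2011.06.02 14:30:00 | 000,250,000 | ---- | M] (Example AV GmbH) -- C:\Program Files\ExampleAV\guard.exe
MOD - [2012.03.09 22:05:11 | 000,310,272 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Xq7TbLm2PwRz9.exe
MOD - [2010.01.15 08:00:00 | 000,010,752 | ---- | M] () -- C:\Program Files\ExampleTool\helper.dll
SRV - File not found [Auto | Stopped] -- -- (ExampleMissingService)
SRV - [2011.06.02 14:30:00 | 000,250,000 | ---- | M] (Example AV GmbH) [Auto | Running] -- C:\Program Files\ExampleAV\guard.exe -- (ExampleAVService)
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG, SCAN_TIME).items():
        print(path, "->", ", ".join(why))
```

Flagged paths are candidates for review by the helper reading the log, not verdicts; an unsigned DLL in Program Files scores one signal and is deliberately left out.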
mirkata Posted October 29, 2011

Night_Raven, as I wrote, my computer is completely locked up; I am writing from another computer now. On it only a System Restore window comes up and nothing else: black screen, everything else is hidden. In Safe Mode I barely managed to make the C: partition visible and run Avira and Malwarebytes; the result of destroying the viruses: none. I am providing photos taken with a camera for clarity.

This is what appears initially in Safe Mode: http://postimage.org/image/y954zo5ev/
These are the nasties Malwarebytes found: http://postimage.org/image/ei8bg26av/

I doubt I can carry out the instructions you are giving me. I have despaired, because I can see directly what the situation is. Please explain whether it is a good idea to reinstall or whether that will make things worse.
s.feradov Posted October 29, 2011

Can you start the operating system normally at all? It looks like you have run into a Rogue HDD infection, which is software created to fool the user into believing that various problems exist with the system. From this you can immediately understand that there is nothing wrong with the hard drive. If it is possible to start the system, do what Night_Raven recommended.

If the above is not possible, then:
- Download RKill by Grinler from here.
- Before you begin, make sure you have turned off your antivirus program, as well as any other anti-malware software.
- Run RKill from your desktop.
- A black screen will appear and then disappear. This means the tool has started successfully.
- If the tool does not start, please say so in your next post.
- After working with RKill, do NOT restart the system.

Warning: If it is impossible to start the tool, it will have to be downloaded on a clean operating system and then copied to removable media.
Night_Raven Posted October 29, 2011

I didn't quite understand. Does it not always manage to boot into Safe Mode?
mirkata Posted October 29, 2011

> I didn't quite understand. Does it not always manage to boot into Safe Mode?

Night_Raven, I can always boot into Safe Mode. As I understand it, I have to boot Safe Mode with networking, turn off the antivirus and the like, and follow your instructions in Safe Mode. This will be my first time entering that mode with internet access. It is worth a try in order to save the computer. I will try and write back with the result.

> Can you start the operating system normally at all? It looks like you have run into a Rogue HDD infection, which is software created to fool the user into believing that various problems exist with the system. From this you can immediately understand that there is nothing wrong with the hard drive. If it is possible to start the system, do what Night_Raven recommended.
> If the above is not possible, then: Download RKill by Grinler from here. Before you begin, make sure you have turned off your antivirus program, as well as any other anti-malware software. Run RKill from your desktop. A black screen will appear and then disappear. This means the tool has started successfully. If the tool does not start, please say so in your next post. After working with RKill, do NOT restart the system.
> Warning: If it is impossible to start the tool, it will have to be downloaded on a clean operating system and then copied to removable media.

s.feradov, I can boot Windows normally; it loads, but everything is hidden, and all I see is a single window from the virus, which wants to scan or wants me to buy it. There is nothing in the Start menu, All Programs says it is empty; in short, only this virus window on the desktop.

OTL Extras logfile created on: 29.10.2011 г. 
Inc)O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not foundO3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not foundO3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! 
Inc.)O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not foundO3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe 
(Intel Corporation)O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not foundO4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)O4 - HKLM..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not foundO4 - HKLM..\Run: [trfnnmNFIoGhaDl.exe] C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe ()O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe ()O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1229272821-790525478-725345543-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery presentO7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0O8 - Extra context menu item: &С&валяне &с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)O8 - Extra context menu item: &С&валяне на всички с BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not foundO8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetUrl.htm ()O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetAllUrl.htm ()O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft 
Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - 
Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9D17E1-2F5C-4F60-A7A0-F170BCC9965B}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEDE183-4CA0-4B16-98FE-09E8314A5FF8}: DhcpNameServer = 10.209.249.130 10.16.168.11O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program 
Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - 
Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe 
(Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - 
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT 
-- [ NTFS ]O32 - Unable to obtain root file information for disk D:\O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not foundNetSvcs: HidServ - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not found NetSvcs: 6to4 - File not foundNetSvcs: HidServ - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: facemoods - hkey= - key= - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not foundMsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()MsConfig - State: "system.ini" - 0MsConfig - State: "win.ini" - 0MsConfig - State: "bootini" - 0MsConfig - State: "services" - 0MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: SCSI Class - Driver GroupSafeBootMin: sermouse.sys - DriverSafeBootMin: System Bus Extender - Driver GroupSafeBootMin: vds - ServiceSafeBootMin: vga.sys - DriverSafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)SafeBootNet: PCI Configuration - Driver GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: SCSI Class - Driver GroupSafeBootNet: sermouse.sys - DriverSafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TDI - Driver GroupSafeBootNet: vga.sys - DriverSafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - 
MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ========== Files/Folders - Created Within 90 Days ========== [2011.10.29 17:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Recent[2011.10.29 17:53:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe[2011.10.28 20:43:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\System Restore[2011.09.29 21:44:08 | 000,607,260 | RH-- | C] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr[2011.09.29 21:19:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Malwarebytes[2011.09.29 21:19:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware[2011.09.29 21:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2011.09.29 21:19:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2011.09.21 19:14:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Copy of Favorites[2011.09.18 01:05:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth[2011.09.03 21:21:51 | 000,135,168 | RH-- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll[2011.09.03 21:20:24 | 000,061,440 | RH-- | C] (Intel Corporation) -- 
C:\WINDOWS\System32\iAlmCoIn_v4396.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- 
C:\WINDOWS\System32\ialmuENG.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll[2011.09.03 21:20:22 | 000,114,688 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll[2011.09.01 18:02:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype[2011.08.25 20:13:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero[2011.08.25 20:11:20 | 000,125,184 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys[2011.08.25 20:11:20 | 000,005,504 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys[2011.08.25 20:11:01 | 000,106,496 | -H-- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll[2011.08.25 20:11:00 | 000,155,648 | -H-- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe[2011.08.25 20:11:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Ahead[2011.08.25 20:10:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Ahead.NERO.6[2011.08.24 21:53:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Nero[2011.08.24 21:50:10 | 000,000,000 | -H-D | C] -- C:\Program Files\AskTBar[2011.08.24 21:49:49 | 000,000,000 | -H-D | C] -- 
C:\Program Files\Windows Sidebar[2011.08.24 21:31:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Nero[2011.08.24 17:13:39 | 000,000,000 | -H-D | C] -- C:\Program Files\FlashGet Network[2011.08.23 12:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\PriceGong[2011.08.23 00:08:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Ashampoo[2011.08.23 00:08:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\MyAshampoo[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\ashampoo[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited[2011.08.06 15:45:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\facemoods.com[2011.08.06 15:38:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape[2011.08.06 15:37:45 | 000,000,000 | -H-D | C] -- C:\Program Files\PhotoScape[2011.08.06 15:37:38 | 000,000,000 | -H-D | C] -- C:\Program Files\facemoods.com[2011.08.06 15:02:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Conduit[2011.08.06 15:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo[2011.08.06 14:30:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Adobe Photoshop CS5.1[2011.08.06 14:29:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\CS5.5 Master Collection[2011.08.06 14:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe Download Assistant[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Program 
Files\Xenocode[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Xenocode[2011.08.06 14:22:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\High Quality Photo Resizer[2011.08.06 14:22:27 | 000,000,000 | -H-D | C] -- C:\Program Files\High Quality Photo Resizer[2011.08.06 14:18:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\FoxTab PDF Converter[2011.08.06 14:18:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Uninstall[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\lib[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Babylon[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Images[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Babylon[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\fonts[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\DriverFiles[2011.08.01 21:57:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Proxy+[2011.08.01 21:56:00 | 000,000,000 | -H-D | C] -- C:\Program Files\ProxyPlus[2011.01.24 10:48:39 | 000,050,688 | -H-- | C] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe[2011.01.09 10:53:01 | 009,496,056 | -H-- | C] (Google Inc.) -- C:\Program Files\picasa3-setup.exe[2011.01.01 22:45:37 | 009,991,264 | -H-- | C] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe[2010.12.23 04:08:24 | 005,193,608 | -H-- | C] (ParetoLogic Inc.) 
-- C:\Program Files\ParetoLogic PC Health Advisor.exe[2010.12.12 00:49:52 | 167,043,896 | -H-- | C] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe[2011.10.29 17:52:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr[2011.10.29 17:43:31 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2011.10.29 17:43:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job[2011.10.28 23:42:34 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe[2011.10.28 22:22:01 | 000,000,982 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr[2011.10.28 20:43:09 | 000,000,839 | 
-H-- | M] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe[2011.10.28 20:40:24 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini[2011.10.28 14:52:46 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011.09.29 21:44:39 | 000,607,260 | RH-- | M] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr[2011.09.16 14:11:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\System32\secustat.dat[2011.09.16 14:11:16 | 000,001,477 | -H-- | M] () -- C:\WINDOWS\System32\secushr.dat[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip[2011.08.24 21:49:05 | 000,004,767 | -H-- | M] () -- C:\WINDOWS\Irremote.ini[2011.08.23 19:44:53 | 000,000,759 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.29 17:32:14 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP[2011.10.29 17:32:14 | 000,000,088 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr[2011.10.28 23:42:30 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\TR45\Application 
Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk[2011.10.28 23:15:41 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP[2011.10.28 23:15:28 | 000,321,936 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe[2011.10.28 20:43:13 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk[2011.10.28 20:43:13 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr[2011.10.28 20:43:09 | 000,000,839 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk[2011.10.28 20:43:05 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk[2011.10.28 20:40:32 | 000,402,832 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe[2011.09.23 14:57:57 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini[2011.09.03 21:19:57 | 000,524,850 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa[2011.09.03 21:19:57 | 000,000,929 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.vp[2011.08.26 14:32:24 | 000,003,017 | -H-- | C] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent[2011.08.26 13:05:14 | 009,032,303 | -H-- | C] () -- C:\Program Files\partition_magic_demo_8.zip[2011.08.24 21:49:05 | 000,004,767 | -H-- | C] () -- C:\WINDOWS\Irremote.ini[2011.08.23 19:44:53 | 000,000,759 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk[2011.08.06 14:18:42 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll[2011.07.10 18:11:07 | 000,000,072 | -H-- | C] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini[2011.07.06 18:19:14 | 001,375,018 | -H-- | C] () -- C:\Program Files\EasyBCD 2.0.2.exe[2011.06.24 19:48:59 | 001,524,112 | -H-- | C] () -- C:\WINDOWS\System32\bandoolmx.dll[2011.04.27 21:04:20 | 000,000,376 | -H-- | C] () -- 
C:\WINDOWS\ODBC.INI[2011.04.08 19:18:33 | 000,175,616 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll[2011.04.08 19:18:32 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\avisplitter.ini[2011.04.08 19:18:29 | 000,631,808 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2011.04.08 19:18:29 | 000,243,200 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2011.04.08 19:18:28 | 000,080,896 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2011.02.07 00:28:54 | 001,252,984 | -H-- | C] () -- C:\Program Files\Google Updater.exe[2011.01.24 09:19:00 | 000,001,477 | -H-- | C] () -- C:\WINDOWS\System32\secushr.dat[2011.01.23 11:42:18 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\System32\secustat.dat[2011.01.23 07:41:21 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\libem.INI[2011.01.09 10:52:21 | 000,028,672 | -H-- | C] () -- C:\Program Files\generat.exe[2011.01.03 09:20:45 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI[2010.12.30 10:04:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat[2010.12.25 03:03:09 | 000,262,216 | -H-- | C] () -- C:\WINDOWS\System32\IPTests.dll[2010.12.25 03:02:57 | 000,422,000 | -H-- | C] () -- C:\WINDOWS\System32\wgapi.dll[2010.12.25 03:02:57 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\wgapiloc.dll[2010.12.25 02:27:21 | 000,001,362 | -H-- | C] () -- C:\WINDOWS\System32\WLAN.INI[2010.12.24 19:59:09 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2010.12.12 01:43:57 | 000,021,504 | -H-- | C] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010.12.10 21:18:24 | 000,204,800 | RH-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll[2010.12.10 21:05:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2010.12.10 21:00:11 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2010.12.10 12:55:04 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI[2010.12.10 12:53:57 | 000,189,792 | -H-- | C] () -- 
C:\WINDOWS\System32\FNTCACHE.DAT[2004.08.04 02:07:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin[2004.08.04 01:56:44 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll[2004.08.04 01:56:44 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll[2004.08.04 01:56:44 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll[2004.08.04 01:56:44 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll[2004.08.04 01:56:44 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll[2004.08.02 15:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat[2003.01.07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI[2001.08.23 15:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin[2001.08.23 15:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat[2001.08.23 15:00:00 | 000,399,964 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat[2001.08.23 15:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat[2001.08.23 15:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat[2001.08.23 15:00:00 | 000,060,376 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat[2001.08.23 15:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin[2001.08.23 15:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat[2001.08.23 15:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat[2001.08.23 15:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat[1996.04.03 22:33:26 | 000,005,248 | -H-- | C] () -- C:\WINDOWS\System32\giveio.sys ========== LOP Check ========== [2011.08.23 00:07:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo[2011.08.06 14:18:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon[2011.06.24 19:49:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo[2011.06.24 
19:47:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited[2010.12.27 03:34:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure[2010.12.27 03:40:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic[2011.04.26 19:23:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP[2010.12.25 03:03:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK[2011.08.23 00:14:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Ashampoo[2011.08.06 14:18:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Babylon[2010.12.11 20:51:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BabylonToolbar[2011.08.28 19:19:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BitComet[2011.09.16 14:11:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BITS[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited[2011.06.18 09:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant[2010.12.23 04:09:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\DriverCure[2011.08.06 15:45:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\facemoods.com[2011.01.23 07:41:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGet[2011.04.26 22:21:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGetBHO[2011.08.26 13:05:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application 
Data\GetRightToGo[2010.12.23 04:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\ParetoLogic[2011.08.06 15:39:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PhotoScape[2011.08.23 12:50:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PriceGong[2011.06.24 19:47:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\searchqutoolbar[2010.12.23 19:43:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\URSoft[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* >[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2004.08.03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM[2011.01.03 08:17:31 | 000,250,048 | RHS- | M] () -- C:\ntldr[2011.10.29 17:43:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys < %USERPROFILE%\*.* >[2011.06.20 14:56:01 | 000,010,745 | -H-- | M] () -- C:\Documents and Settings\TR45\.recently-used.xbel[2011.04.08 17:54:51 | 000,014,439 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent[2011.04.22 13:40:32 | 000,000,488 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent.filelist[2011.10.29 17:42:35 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat[2011.10.29 17:58:29 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat.LOG[2011.10.29 17:42:35 | 000,000,278 | -HS- | 
M] () -- C:\Documents and Settings\TR45\ntuser.ini < %USERPROFILE%\Application Data\*.* >[2011.07.20 18:21:55 | 000,000,072 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\TR45\Application Data\desktop.ini < %USERPROFILE%\Local Settings\Application Data\*.* >[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011.07.11 14:14:21 | 000,042,944 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\GDIPFONTCACHEV1.DAT[2011.10.29 17:42:19 | 004,798,288 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\IconCache.db < %AllUsersProfile%\*.* > < %AllUsersProfile%\Application Data\*.* >[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr < %USERPROFILE%\My Documents\*.* >[2010.12.27 
05:18:33 | 000,025,521 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\bookmark.htm[2007.06.19 16:41:44 | 000,017,408 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\cc2.db3[2011.09.27 14:23:13 | 000,042,496 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\checking file system on c-IBM.doc[2011.07.06 20:20:55 | 000,240,640 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Cyra.exe[2010.12.10 21:45:43 | 000,000,075 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\desktop.ini[2010.11.29 14:52:42 | 000,052,736 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPDFConverter.exe[2011.02.18 18:22:36 | 000,199,168 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ftpdf_inst.exe[2010.11.29 15:08:12 | 000,078,336 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPrintInstallDll.dll[2007.08.26 16:14:44 | 003,702,784 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\gsdll32.dll[2011.09.26 09:21:41 | 000,077,824 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\HULDA KLARK.for_all_cancers.doc[2011.07.05 18:41:00 | 002,897,688 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Icom IC-746 Pro Service Manual.mht[2011.06.19 13:10:33 | 000,126,695 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\imelititrqbwapyksehapffff.xcf[2011.09.26 09:22:07 | 000,015,360 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\prostate_problem.doc[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav[2011.06.06 15:11:52 | 000,026,624 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\Thumbs.db[2011.03.04 23:58:46 | 000,056,099 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ultravox.shtml[2011.08.28 13:56:39 | 000,000,053 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\winxp32.txt[2011.07.20 16:45:42 | 000,166,400 | -H-- | M] () -- 
C:\Documents and Settings\TR45\My Documents\ГР. отпуски.билинг.11.xls[2011.07.20 16:47:58 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.РУД.11.xls[2011.07.20 16:38:22 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.ТРД.11.xls[2011.07.20 16:15:46 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Дим-гр.11г.xls[2011.07.20 16:13:10 | 000,166,912 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Х-ли.11г.xls[2011.07.19 16:07:01 | 000,184,320 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Д-град.xls[2011.07.19 16:05:29 | 000,184,832 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Харманли.xls[2011.08.22 18:37:15 | 000,024,576 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\МОИ ПРОГРАМИ.doc[2011.07.09 16:34:40 | 000,034,304 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ОК.отр време полугодие.xls < %CommonProgramFiles%\*.* > < %PROGRAMFILES%\*.* >[2011.01.24 10:48:42 | 000,050,688 | -H-- | M] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe[2010.12.12 00:49:55 | 167,043,896 | -H-- | M] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe[2011.01.01 22:44:53 | 009,991,264 | -H-- | M] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe[2011.07.06 18:19:17 | 001,375,018 | -H-- | M] () -- C:\Program Files\EasyBCD 2.0.2.exe[2010.05.26 00:42:46 | 000,028,672 | -H-- | M] () -- C:\Program Files\generat.exe[2011.02.07 00:29:02 | 001,252,984 | -H-- | M] () -- C:\Program Files\Google Updater.exe[2010.12.23 04:08:35 | 005,193,608 | -H-- | M] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic PC Health Advisor.exe[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip[2010.01.23 02:09:10 | 009,496,056 | -H-- | M] (Google Inc.) 
-- C:\Program Files\picasa3-setup.exe[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent < %systemroot%\system32\*.dll /lockedfiles >[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[2003.06.18 17:31:48 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < MD5 for: EXPLORER.EXE >[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe[2004.08.04 01:56:50 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: USERINIT.EXE >[2004.08.04 01:56:58 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: VOLSNAP.SYS >[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys[2004.08.04 00:00:18 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- 
C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys < MD5 for: WINLOGON.EXE >[2004.08.04 01:56:58 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe[2008.04.14 16:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe[2008.04.14 16:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51< End of report >
Night_Raven Posted October 29, 2011
Run OTL again. In the empty "Custom Scans/Fixes" field (at the bottom of the program window) paste the following text (select it, press Ctrl+C, then press Ctrl+V in the OTL field):
:Processes
killallprocesses
:OTL
MOD - [2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
MOD - [2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe
IE - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\InprocServer32 File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll File not found
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [trfnnmNFIoGhaDl.exe] C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
[2011.10.28 20:43:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\System Restore
[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011.10.28 23:42:34 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011.10.28 20:43:09 | 000,000,839 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk
[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
:Files
:Reg
:Commands
[emptytemp]
[reboot]
Copy the text exactly as it appears in the box. Be careful not to drop the leading colon, and make sure each command is on its own line, as in the box. Click the Run Fix button. Confirm with OK when the message says that a system restart is needed. Let the system start in normal mode and see whether there is still a problem. After the restart a text log will appear. The same file is located in C:\_OTL\MovedFiles. Please attach it to your next comment. Then run OTL again, create fresh logs (as I described earlier) and attach them again. You can pack all the files into one archive, or attach them separately.
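How the executables named in the fix above stand out in the scan log, as an added example that is not part of the original post and not part of OTL: it parses OTL file entries (including ones run together without line breaks) and flags recent executables with an empty company field that sit directly in an Application Data folder. The heuristics, the function names and the seven-day window are assumptions for illustration; the sample entries are copied from the logs in this thread.

```python
import re
from datetime import datetime, timedelta
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# One OTL file entry: [date time | size | attrs | C or M] (company) -- path
# Folders carry no "(company)" field; files without version info show "()".
# The lookahead ends a path at the next entry, so the pattern also reads logs
# whose line breaks were lost when they were pasted into a post.
ENTRY = re.compile(
    r"\[(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([A-Z-]{4}) \| [CM]\] "
    r"(?:\(([^()]*)\) )?-- (.+?)(?=\s*\[\d{4}\.\d\d\.\d\d |\s*$)",
    re.MULTILINE,
)
# O4 Run entry that resolved to a file: O4 - <hive>\Run: [name] path (company)
RUN = re.compile(r"^O4 - \S+?\\Run: \[[^\]]*\] (.+?) \([^)]*\)\s*$", re.MULTILINE)


def parse_entries(text):
    """Return one dict per file or folder entry found in OTL log text."""
    entries = []
    for m in ENTRY.finditer(text):
        stamp, size, attrs, company, path = m.groups()
        entries.append({
            "time": datetime.strptime(stamp, "%Y.%m.%d %H:%M:%S"),
            "size": int(size.replace(",", "")),
            "is_dir": "D" in attrs,
            "company": (company or "").strip(),
            "path": path,
        })
    return entries


def triage(file_log, run_log="", window_days=7):
    """Flag recent, company-less .exe files lying loose in an Application Data folder."""
    seen = {}
    for e in parse_entries(file_log):
        seen[e["path"].lower()] = e  # the same file is listed in several sections
    if not seen:
        return []
    newest = max(e["time"] for e in seen.values())
    autostart = {p.lower() for p in RUN.findall(run_log)}
    # Files directly in "...\Application Data", not inside a vendor subfolder.
    loose = [e for e in seen.values() if not e["is_dir"]
             and basename(dirname(e["path"])).lower() == "application data"]
    findings = []
    for e in loose:
        name = basename(e["path"])
        stem, ext = splitext(name)
        recent = newest - e["time"] <= timedelta(days=window_days)
        if ext.lower() != ".exe" or e["company"] or not recent:
            continue
        # Data files dropped next to the executable share its stem, some with "~".
        companions = sorted(
            basename(o["path"]) for o in loose
            if o is not e and basename(o["path"]).lstrip("~").startswith(stem))
        findings.append({"name": name, "path": e["path"], "companions": companions,
                         "autostart": e["path"].lower() in autostart})
    return findings


AU = r"C:\Documents and Settings\All Users\Application Data"
# Entries copied from the logs in this thread, run together as they appear there.
FILE_LOG = "".join([
    r"[2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe",
    rf"[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- {AU}\~1kAlMiG2Kb7FzP",
    rf"[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- {AU}\~1kAlMiG2Kb7FzPr",
    rf"[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- {AU}\1kAlMiG2Kb7FzP",
    rf"[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- {AU}\1kAlMiG2Kb7FzP.exe",
    rf"[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- {AU}\trfnnmNFIoGhaDl.exe",
    rf"[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- {AU}\desktop.ini",
    rf"[2011.08.23 00:07:48 | 000,000,000 | -H-D | M] -- {AU}\ashampoo",
    r"[2011.07.06 18:19:17 | 001,375,018 | -H-- | M] () -- C:\Program Files\EasyBCD 2.0.2.exe",
])
RUN_LOG = "\n".join([
    r"O4 - HKLM..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found",
    rf"O4 - HKLM..\Run: [trfnnmNFIoGhaDl.exe] {AU}\trfnnmNFIoGhaDl.exe ()",
])

if __name__ == "__main__":
    for f in triage(FILE_LOG, RUN_LOG):
        print(f["path"], "| autostart:", f["autostart"], "| companions:", f["companions"])
```

A flagged entry is a lead for review, not a verdict: legitimate portable tools also ship without version information, which is why the example reports the Run-key link and companion files alongside each hit.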
mirkata Posted October 30, 2011 Author

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SysTrayApp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\trfnnmNFIoGhaDl.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1229272821-790525478-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\bandoo\bndhook.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroFilterCheck\ deleted successfully.
C:\Documents and Settings\TR45\Start Menu\Programs\System Restore folder moved successfully.
C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP moved successfully.
C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr moved successfully.
C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP moved successfully.
C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk moved successfully.
C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr moved successfully.
C:\Documents and Settings\TR45\Desktop\System Restore.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk moved successfully.
File C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51:Files .
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: TR45
->Temp folder emptied: 11253355 bytes
->Temporary Internet Files folder emptied: 9713253 bytes
->Flash cache emptied: 143128 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 471113 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 18091 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 10302011_131037

Files\Folders moved on Reboot...
C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\HLPQID8E\ac3[1].htm moved successfully.
C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\HLPQID8E\dir_bg[1].htm moved successfully.
C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\G4SQWH2V\27-компютърна-сигурност-и-защита-от-зловреден-код[1].htm moved successfully.
C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\3012KB1R\13866-virus-system-restore-ми-блокира-тотално-компа-help[1].htm moved successfully.
C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\3012KB1R\ac3[2].htm moved successfully.
C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\Content.IE5\3012KB1R\fastbutton[1].htm moved successfully.
C:\Documents and Settings\TR45\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 29.10.2011 г. 17:57:03 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\TR45\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'
Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe 
(Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - 
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT 
-- [ NTFS ]O32 - Unable to obtain root file information for disk D:\O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not foundNetSvcs: HidServ - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not found NetSvcs: 6to4 - File not foundNetSvcs: HidServ - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: facemoods - hkey= - key= - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not foundMsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()MsConfig - State: "system.ini" - 0MsConfig - State: "win.ini" - 0MsConfig - State: "bootini" - 0MsConfig - State: "services" - 0MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: SCSI Class - Driver GroupSafeBootMin: sermouse.sys - DriverSafeBootMin: System Bus Extender - Driver GroupSafeBootMin: vds - ServiceSafeBootMin: vga.sys - DriverSafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)SafeBootNet: PCI Configuration - Driver GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: SCSI Class - Driver GroupSafeBootNet: sermouse.sys - DriverSafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TDI - Driver GroupSafeBootNet: vga.sys - DriverSafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - 
MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ========== Files/Folders - Created Within 90 Days ========== [2011.10.29 17:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Recent[2011.10.29 17:53:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe[2011.10.28 20:43:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\System Restore[2011.09.29 21:44:08 | 000,607,260 | RH-- | C] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr[2011.09.29 21:19:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Malwarebytes[2011.09.29 21:19:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware[2011.09.29 21:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2011.09.29 21:19:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2011.09.21 19:14:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Copy of Favorites[2011.09.18 01:05:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth[2011.09.03 21:21:51 | 000,135,168 | RH-- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll[2011.09.03 21:20:24 | 000,061,440 | RH-- | C] (Intel Corporation) -- 
C:\WINDOWS\System32\iAlmCoIn_v4396.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- 
C:\WINDOWS\System32\ialmuENG.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll[2011.09.03 21:20:22 | 000,114,688 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll[2011.09.01 18:02:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype[2011.08.25 20:13:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero[2011.08.25 20:11:20 | 000,125,184 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys[2011.08.25 20:11:20 | 000,005,504 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys[2011.08.25 20:11:01 | 000,106,496 | -H-- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll[2011.08.25 20:11:00 | 000,155,648 | -H-- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe[2011.08.25 20:11:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Ahead[2011.08.25 20:10:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Ahead.NERO.6[2011.08.24 21:53:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Nero[2011.08.24 21:50:10 | 000,000,000 | -H-D | C] -- C:\Program Files\AskTBar[2011.08.24 21:49:49 | 000,000,000 | -H-D | C] -- 
C:\Program Files\Windows Sidebar[2011.08.24 21:31:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Nero[2011.08.24 17:13:39 | 000,000,000 | -H-D | C] -- C:\Program Files\FlashGet Network[2011.08.23 12:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\PriceGong[2011.08.23 00:08:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Ashampoo[2011.08.23 00:08:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\MyAshampoo[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\ashampoo[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited[2011.08.06 15:45:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\facemoods.com[2011.08.06 15:38:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape[2011.08.06 15:37:45 | 000,000,000 | -H-D | C] -- C:\Program Files\PhotoScape[2011.08.06 15:37:38 | 000,000,000 | -H-D | C] -- C:\Program Files\facemoods.com[2011.08.06 15:02:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Conduit[2011.08.06 15:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo[2011.08.06 14:30:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Adobe Photoshop CS5.1[2011.08.06 14:29:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\CS5.5 Master Collection[2011.08.06 14:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe Download Assistant[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Program 
Files\Xenocode[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Xenocode[2011.08.06 14:22:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\High Quality Photo Resizer[2011.08.06 14:22:27 | 000,000,000 | -H-D | C] -- C:\Program Files\High Quality Photo Resizer[2011.08.06 14:18:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\FoxTab PDF Converter[2011.08.06 14:18:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Uninstall[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\lib[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Babylon[2011.08.06 14:18:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\Images[2011.08.06 14:18:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Babylon[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\fonts[2011.08.06 14:18:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\My Documents\DriverFiles[2011.08.01 21:57:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Proxy+[2011.08.01 21:56:00 | 000,000,000 | -H-D | C] -- C:\Program Files\ProxyPlus[2011.01.24 10:48:39 | 000,050,688 | -H-- | C] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe[2011.01.09 10:53:01 | 009,496,056 | -H-- | C] (Google Inc.) -- C:\Program Files\picasa3-setup.exe[2011.01.01 22:45:37 | 009,991,264 | -H-- | C] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe[2010.12.23 04:08:24 | 005,193,608 | -H-- | C] (ParetoLogic Inc.) 
-- C:\Program Files\ParetoLogic PC Health Advisor.exe
[2010.12.12 00:49:52 | 167,043,896 | -H-- | C] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011.10.29 17:53:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe
[2011.10.29 17:52:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011.10.29 17:43:31 | 000,000,978 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.29 17:43:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job
[2011.10.28 23:42:34 | 000,000,857 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
[2011.10.28 22:22:01 | 000,000,982 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011.10.28 20:43:09 | 000,000,839 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk
[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe
[2011.10.28 20:40:24 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.10.28 14:52:46 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.29 21:44:39 | 000,607,260 | RH-- | M] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr
[2011.09.16 14:11:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\System32\secustat.dat
[2011.09.16 14:11:16 | 000,001,477 | -H-- | M] () -- C:\WINDOWS\System32\secushr.dat
[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav
[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent
[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip
[2011.08.24 21:49:05 | 000,004,767 | -H-- | M] () -- C:\WINDOWS\Irremote.ini
[2011.08.23 19:44:53 | 000,000,759 | -H-- | M] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.29 17:32:14 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP
[2011.10.29 17:32:14 | 000,000,088 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr
[2011.10.28 23:42:30 | 000,000,857 | -H-- | C] () -- C:\Documents and Settings\TR45\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011.10.28 23:15:41 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP
[2011.10.28 23:15:28 | 000,321,936 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe
[2011.10.28 20:43:13 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011.10.28 20:43:13 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011.10.28 20:43:09 | 000,000,839 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\System Restore.lnk
[2011.10.28 20:43:05 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011.10.28 20:40:32 | 000,402,832 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe
[2011.09.23 14:57:57 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.09.03 21:19:57 | 000,524,850 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2011.09.03 21:19:57 | 000,000,929 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2011.08.26 14:32:24 | 000,003,017 | -H-- | C] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent
[2011.08.26 13:05:14 | 009,032,303 | -H-- | C] () -- C:\Program Files\partition_magic_demo_8.zip
[2011.08.24 21:49:05 | 000,004,767 | -H-- | C] () -- C:\WINDOWS\Irremote.ini
[2011.08.23 19:44:53 | 000,000,759 | -H-- | C] () -- C:\Documents and Settings\TR45\Desktop\Shortcut to everest.exe.lnk
[2011.08.06 14:18:42 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.07.10 18:11:07 | 000,000,072 | -H-- | C] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini
[2011.07.06 18:19:14 | 001,375,018 | -H-- | C] () -- C:\Program Files\EasyBCD 2.0.2.exe
[2011.06.24 19:48:59 | 001,524,112 | -H-- | C] () -- C:\WINDOWS\System32\bandoolmx.dll
[2011.04.27 21:04:20 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2011.04.08 19:18:33 | 000,175,616 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.04.08 19:18:32 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.04.08 19:18:29 | 000,631,808 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.04.08 19:18:29 | 000,243,200 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.04.08 19:18:28 | 000,080,896 | -H-- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.02.07 00:28:54 | 001,252,984 | -H-- | C] () -- C:\Program Files\Google Updater.exe
[2011.01.24 09:19:00 | 000,001,477 | -H-- | C] () -- C:\WINDOWS\System32\secushr.dat
[2011.01.23 11:42:18 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\System32\secustat.dat
[2011.01.23 07:41:21 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\libem.INI
[2011.01.09 10:52:21 | 000,028,672 | -H-- | C] () -- C:\Program Files\generat.exe
[2011.01.03 09:20:45 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.12.30 10:04:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.12.25 03:03:09 | 000,262,216 | -H-- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010.12.25 03:02:57 | 000,422,000 | -H-- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2010.12.25 03:02:57 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\wgapiloc.dll
[2010.12.25 02:27:21 | 000,001,362 | -H-- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010.12.24 19:59:09 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.12.12 01:43:57 | 000,021,504 | -H-- | C] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.10 21:18:24 | 000,204,800 | RH-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2010.12.10 21:05:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.12.10 21:00:11 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.12.10 12:55:04 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.12.10 12:53:57 | 000,189,792 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.04 02:07:22 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 01:56:44 | 000,755,200 | -H-- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004.08.04 01:56:44 | 000,338,432 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004.08.04 01:56:44 | 000,200,192 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004.08.04 01:56:44 | 000,183,808 | -H-- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004.08.04 01:56:44 | 000,120,320 | -H-- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004.08.02 15:20:40 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.01.07 15:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.08.23 15:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 15:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 15:00:00 | 000,399,964 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 15:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 15:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 15:00:00 | 000,060,376 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 15:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 15:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 15:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 15:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[1996.04.03 22:33:26 | 000,005,248 | -H-- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011.08.23 00:07:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011.08.06 14:18:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011.06.24 19:49:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo
[2011.06.24 19:47:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010.12.27 03:34:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010.12.27 03:40:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011.04.26 19:23:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.12.25 03:03:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
[2011.08.23 00:14:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Ashampoo
[2011.08.06 14:18:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Babylon
[2010.12.11 20:51:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BabylonToolbar
[2011.08.28 19:19:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BitComet
[2011.09.16 14:11:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\BITS
[2011.08.22 17:53:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited
[2011.06.18 09:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.12.23 04:09:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\DriverCure
[2011.08.06 15:45:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\facemoods.com
[2011.01.23 07:41:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGet
[2011.04.26 22:21:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\FlashGetBHO
[2011.08.26 13:05:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo
[2010.12.23 04:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\ParetoLogic
[2011.08.06 15:39:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PhotoScape
[2011.08.23 12:50:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\PriceGong
[2011.06.24 19:47:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\searchqutoolbar
[2010.12.23 19:43:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TR45\Application Data\URSoft
[2011.10.28 22:01:04 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011.10.29 17:32:32 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{274195F4-4469-4418-BDB4-F9FD1CBBE52C}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2011.09.16 13:59:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.12.10 21:03:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011.01.03 08:17:31 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011.10.29 17:43:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %USERPROFILE%\*.* >
[2011.06.20 14:56:01 | 000,010,745 | -H-- | M] () -- C:\Documents and Settings\TR45\.recently-used.xbel
[2011.04.08 17:54:51 | 000,014,439 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent
[2011.04.22 13:40:32 | 000,000,488 | -H-- | M] () -- C:\Documents and Settings\TR45\20110422134032.torrent.filelist
[2011.10.29 17:42:35 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat
[2011.10.29 17:58:29 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\TR45\ntuser.dat.LOG
[2011.10.29 17:42:35 | 000,000,278 | -HS- | 
M] () -- C:\Documents and Settings\TR45\ntuser.ini < %USERPROFILE%\Application Data\*.* >[2011.07.20 18:21:55 | 000,000,072 | -H-- | M] () -- C:\Documents and Settings\TR45\Application Data\burnaware.ini[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\TR45\Application Data\desktop.ini < %USERPROFILE%\Local Settings\Application Data\*.* >[2011.10.12 15:46:35 | 000,021,504 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011.07.11 14:14:21 | 000,042,944 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\GDIPFONTCACHEV1.DAT[2011.10.29 17:42:19 | 004,798,288 | -H-- | M] () -- C:\Documents and Settings\TR45\Local Settings\Application Data\IconCache.db < %AllUsersProfile%\*.* > < %AllUsersProfile%\Application Data\*.* >[2011.10.28 23:15:41 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP[2011.10.28 23:15:28 | 000,321,936 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\1kAlMiG2Kb7FzP.exe[2011.10.28 20:43:05 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk[2010.12.10 12:54:37 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini[2011.10.28 20:40:30 | 000,402,832 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\trfnnmNFIoGhaDl.exe[2011.10.29 17:44:33 | 000,000,192 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzP[2011.10.29 17:44:32 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~1kAlMiG2Kb7FzPr[2011.10.28 20:49:31 | 000,000,224 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk[2011.10.28 20:49:31 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr < %USERPROFILE%\My Documents\*.* >[2010.12.27 
05:18:33 | 000,025,521 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\bookmark.htm[2007.06.19 16:41:44 | 000,017,408 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\cc2.db3[2011.09.27 14:23:13 | 000,042,496 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\checking file system on c-IBM.doc[2011.07.06 20:20:55 | 000,240,640 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Cyra.exe[2010.12.10 21:45:43 | 000,000,075 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\desktop.ini[2010.11.29 14:52:42 | 000,052,736 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPDFConverter.exe[2011.02.18 18:22:36 | 000,199,168 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ftpdf_inst.exe[2010.11.29 15:08:12 | 000,078,336 | -H-- | M] (FoxTab) -- C:\Documents and Settings\TR45\My Documents\FTPrintInstallDll.dll[2007.08.26 16:14:44 | 003,702,784 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\gsdll32.dll[2011.09.26 09:21:41 | 000,077,824 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\HULDA KLARK.for_all_cancers.doc[2011.07.05 18:41:00 | 002,897,688 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\Icom IC-746 Pro Service Manual.mht[2011.06.19 13:10:33 | 000,126,695 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\imelititrqbwapyksehapffff.xcf[2011.09.26 09:22:07 | 000,015,360 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\prostate_problem.doc[2011.09.09 22:57:40 | 000,000,372 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\spider.sav[2011.06.06 15:11:52 | 000,026,624 | -HS- | M] () -- C:\Documents and Settings\TR45\My Documents\Thumbs.db[2011.03.04 23:58:46 | 000,056,099 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ultravox.shtml[2011.08.28 13:56:39 | 000,000,053 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\winxp32.txt[2011.07.20 16:45:42 | 000,166,400 | -H-- | M] () -- 
C:\Documents and Settings\TR45\My Documents\ГР. отпуски.билинг.11.xls[2011.07.20 16:47:58 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.РУД.11.xls[2011.07.20 16:38:22 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР. отпуски.ТРД.11.xls[2011.07.20 16:15:46 | 000,166,400 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Дим-гр.11г.xls[2011.07.20 16:13:10 | 000,166,912 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ГР.отпуски Х-ли.11г.xls[2011.07.19 16:07:01 | 000,184,320 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Д-град.xls[2011.07.19 16:05:29 | 000,184,832 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\гр.юни.Харманли.xls[2011.08.22 18:37:15 | 000,024,576 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\МОИ ПРОГРАМИ.doc[2011.07.09 16:34:40 | 000,034,304 | -H-- | M] () -- C:\Documents and Settings\TR45\My Documents\ОК.отр време полугодие.xls < %CommonProgramFiles%\*.* > < %PROGRAMFILES%\*.* >[2011.01.24 10:48:42 | 000,050,688 | -H-- | M] (Atribune.org) -- C:\Program Files\ATF_Cleaner.exe[2010.12.12 00:49:55 | 167,043,896 | -H-- | M] (Acronis) -- C:\Program Files\ATIH2011_trial_en-US.exe-ACRONIS.exe[2011.01.01 22:44:53 | 009,991,264 | -H-- | M] (Driver-Soft Inc. ) -- C:\Program Files\drvgenpro.exe[2011.07.06 18:19:17 | 001,375,018 | -H-- | M] () -- C:\Program Files\EasyBCD 2.0.2.exe[2010.05.26 00:42:46 | 000,028,672 | -H-- | M] () -- C:\Program Files\generat.exe[2011.02.07 00:29:02 | 001,252,984 | -H-- | M] () -- C:\Program Files\Google Updater.exe[2010.12.23 04:08:35 | 005,193,608 | -H-- | M] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic PC Health Advisor.exe[2011.08.26 13:05:43 | 009,032,303 | -H-- | M] () -- C:\Program Files\partition_magic_demo_8.zip[2010.01.23 02:09:10 | 009,496,056 | -H-- | M] (Google Inc.) 
-- C:\Program Files\picasa3-setup.exe[2011.08.26 14:32:40 | 000,003,017 | -H-- | M] () -- C:\Program Files\Portable Norton Partition Magic 8.05.torrent < %systemroot%\system32\*.dll /lockedfiles >[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[2003.06.18 17:31:48 | 000,018,944 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < MD5 for: EXPLORER.EXE >[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe[2008.04.14 16:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe[2004.08.04 01:56:50 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: USERINIT.EXE >[2004.08.04 01:56:58 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe[2008.04.14 16:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: VOLSNAP.SYS >[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys[2008.04.14 11:11:02 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys[2004.08.04 00:00:18 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- 
< End of report >
This time only one table came out. No change. Could it be that I got something wrong?
Night_Raven Posted October 30, 2011
I meant for you to create new logs, not to copy the first ones again.
mirkata (author) Posted October 30, 2011
Download OTL and save it to the desktop:
- start the tool;
- tick Scan All Users at the top;
- in the Standard Registry box select All;
- from the File Age drop-down menu select 90 Days;
- also tick: Skip Microsoft Files, LOP Check and Purity Check;
- in the Custom Scans/Fixes box (at the bottom of the program) paste the following text (select it, press Ctrl+C and then press Ctrl+V in the OTL box):
netsvcs
netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop
- click the Run Scan button;
Wait for the scan to finish. When it ends, the two newly created files on the desktop, OTL.txt and Extras.txt, will open automatically. Please attach these two files (separately or in an archive) to your next comment.
These are the instructions I followed. I think I'm going wrong somewhere, please tell me.
Night_Raven Posted October 30, 2011
You followed them a second time? Are you sure? Because the logs you gave last are the same as the first ones, and that should not be the case.
mirkata (author) Posted October 31, 2011
Yes, I'm sure, but just in case I will repeat them and post. Here is what I did: First I carried out the instructions in your post number 8, ticking the boxes as indicated in your post number 3. I posted the result; you can see it has a different title. After that I carried out the instructions in your post number 3, exactly, and posted the result that came out. There was only one, from OTL, unlike the first time. There was no change on the computer. Did I act correctly, and if I made a mistake, where is it?
mirkata (author) Posted October 31, 2011
OTL logfile created on: 29.10.2011 г. 17:57:03 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\TR45\Desktop
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not foundO8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetUrl.htm ()O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\TR45\Application Data\FlashGetBHO\GetAllUrl.htm ()O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft 
Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - 
Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9D17E1-2F5C-4F60-A7A0-F170BCC9965B}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEDE183-4CA0-4B16-98FE-09E8314A5FF8}: DhcpNameServer = 10.209.249.130 10.16.168.11O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program 
Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - 
Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe 
(Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - 
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\TR45\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (nwprovau) -C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010.12.10 21:03:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT 
-- [ NTFS ]O32 - Unable to obtain root file information for disk D:\O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not foundNetSvcs: HidServ - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not found NetSvcs: 6to4 - File not foundNetSvcs: HidServ - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: facemoods - hkey= - key= - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not foundMsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()MsConfig - State: "system.ini" - 0MsConfig - State: "win.ini" - 0MsConfig - State: "bootini" - 0MsConfig - State: "services" - 0MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: SCSI Class - Driver GroupSafeBootMin: sermouse.sys - DriverSafeBootMin: System Bus Extender - Driver GroupSafeBootMin: vds - ServiceSafeBootMin: vga.sys - DriverSafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: 
{4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)SafeBootNet: PCI Configuration - Driver GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: SCSI Class - Driver GroupSafeBootNet: sermouse.sys - DriverSafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TDI - Driver GroupSafeBootNet: vga.sys - DriverSafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - 
MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ========== Files/Folders - Created Within 90 Days ========== [2011.10.29 17:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Recent[2011.10.29 17:53:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TR45\Desktop\OTL.exe[2011.10.28 20:43:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Start Menu\Programs\System Restore[2011.09.29 21:44:08 | 000,607,260 | RH-- | C] (Swearware) -- C:\Documents and Settings\TR45\Desktop\dds.scr[2011.09.29 21:19:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Malwarebytes[2011.09.29 21:19:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware[2011.09.29 21:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2011.09.29 21:19:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2011.09.21 19:14:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\TR45\Copy of Favorites[2011.09.18 01:05:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth[2011.09.03 21:21:51 | 000,135,168 | RH-- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll[2011.09.03 21:20:24 | 000,061,440 | RH-- | C] (Intel Corporation) -- 
C:\WINDOWS\System32\iAlmCoIn_v4396.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll[2011.09.03 21:20:24 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- 
C:\WINDOWS\System32\ialmuENG.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll[2011.09.03 21:20:23 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll[2011.09.03 21:20:22 | 000,114,688 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll[2011.09.03 21:20:22 | 000,040,960 | RH-- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll[2011.09.01 18:02:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype[2011.08.25 20:13:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero[2011.08.25 20:11:20 | 000,125,184 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys[2011.08.25 20:11:20 | 000,005,504 | -H-- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys[2011.08.25 20:11:01 | 000,106,496 | -H-- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll[2011.08.25 20:11:00 | 000,155,648 | -H-- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe[2011.08.25 20:11:00 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Ahead[2011.08.25 20:10:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Ahead.NERO.6[2011.08.24 21:53:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Nero[2011.08.24 21:50:10 | 000,000,000 | -H-D | C] -- C:\Program Files\AskTBar[2011.08.24 21:49:49 | 000,000,000 | -H-D | C] -- 
C:\Program Files\Windows Sidebar[2011.08.24 21:31:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Nero[2011.08.24 17:13:39 | 000,000,000 | -H-D | C] -- C:\Program Files\FlashGet Network[2011.08.23 12:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\PriceGong[2011.08.23 00:08:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Ashampoo[2011.08.23 00:08:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\MyAshampoo[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\ashampoo[2011.08.23 00:07:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\Canneverbe Limited[2011.08.22 17:53:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited[2011.08.06 15:45:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\facemoods.com[2011.08.06 15:38:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape[2011.08.06 15:37:45 | 000,000,000 | -H-D | C] -- C:\Program Files\PhotoScape[2011.08.06 15:37:38 | 000,000,000 | -H-D | C] -- C:\Program Files\facemoods.com[2011.08.06 15:02:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Local Settings\Application Data\Conduit[2011.08.06 15:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Application Data\GetRightToGo[2011.08.06 14:30:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\Adobe Photoshop CS5.1[2011.08.06 14:29:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\TR45\CS5.5 Master Collection[2011.08.06 14:27:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe Download Assistant[2011.08.06 14:22:35 | 000,000,000 | -H-D | C] -- C:\Program 
Only one report. The second step follows. Second step.
I can report that the nasty thing is gone after the second removal of the indicated files. But the damage it did remains, for example:
- My favorites disappeared; no big deal, I will add them back from the other computer.
- All my programs disappeared from All Programs in the Start menu. I struggled with it, but it is beyond me; please help.
- I fixed the desktop, it has my picture again, but I cannot get it from My Pictures, and something is going on there too.
- The photos in My Pictures show up at the lowest resolution; you simply cannot tell what a picture is until you open it, and when I click on one it displays fine. I poked around everywhere and could not fix the problem.
So far I have not found anything else. It is clear there is a lot of damage, but I have not discovered it yet. Please help.
mirkata (Author) Posted October 31, 2011
NEW INFORMATION: After the computer had been sitting for 1 hour, something happened to it; with or without cause it started asking me to send error reports. At the same time I cannot open Internet Explorer. After a few attempts the computer freezes and wants a restart. But nothing changes. The antivirus and Malwarebytes show no viruses. I am at a dead end now. I tried to save Google Chrome to a flash drive in order to install it on the damaged computer, but I simply cannot; I have no idea how to install this browser. I think I will start a reinstall; I, at least, see no way out.