Virus sending mails

Post by vangui on Tue 11 Oct 2011, 6:50 pm

I received some notifications saying that mails sent by me did not reach some recipients. But I did not send those mails... It is about a Yahoo account in Outlook 2007 using POP mail. I do not know if the mail was sent through Outlook or directly from Yahoo, but it uses the address book from Outlook.
Operating system - Windows 7
Office 2007
Laptop Dell Vostro 1310
Is there anything else I should mention in order to receive help?

Thanks in advance,
I. Vangu

OTL reports:
OTL.txt:
OTL logfile created on: 10/11/2011 12:38:46 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = E:\Kituri\OTL Antispyware
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 48.83 Gb Total Space | 26.89 Gb Free Space | 55.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 200.14 Gb Total Space | 52.73 Gb Free Space | 26.35% Space Free | Partition Type: NTFS
Drive F: | 49.12 Gb Total Space | 3.36 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 606.87 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: FANEDURU-PC
Current User Name: Fane Duru
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2011/09/21 22:01:14 | 000,066,608 | ---- | M] (BitDefender) -- F:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
PRC - [2011/09/21 22:01:02 | 001,147,048 | ---- | M] (Bitdefender) -- F:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2011/09/21 22:00:03 | 001,538,472 | ---- | M] (Bitdefender) -- F:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2011/09/21 21:59:59 | 000,050,128 | ---- | M] (Bitdefender) -- F:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2011/09/21 21:58:44 | 000,093,912 | ---- | M] (Bitdefender) -- F:\Program Files\Bitdefender\Bitdefender 2012\pchooklaunch32.exe
PRC - [2011/06/29 22:05:36 | 000,966,712 | ---- | M] (Nokia) -- F:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011/06/14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011/06/08 14:49:48 | 000,159,744 | ---- | M] (Nokia) -- F:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) -- F:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2011/03/31 14:38:26 | 000,140,288 | ---- | M] (Nokia) -- F:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/02/26 08:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- F:\Windows\explorer.exe
PRC - [2011/02/25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/17 01:25:20 | 002,835,968 | ---- | M] (SpeedBit Ltd.) -- F:\Program Files\DAP\DAP.exe
PRC - [2010/09/23 11:14:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Kituri\OTL Antispyware\OTL.com
PRC - [2010/09/22 01:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- F:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/22 01:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- F:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/10/10 22:29:14 | 000,864,256 | ---- | M] () -- E:\Programe Windows 7\Join Air\UIMain.exe
PRC - [2009/10/10 21:58:56 | 000,678,400 | ---- | M] () -- E:\Programe Windows 7\Join Air\CMUpdater.exe
PRC - [2009/10/10 21:57:50 | 000,246,272 | ---- | M] () -- E:\Programe Windows 7\Join Air\AssistantServices.exe
PRC - [2009/10/10 21:56:44 | 000,132,096 | ---- | M] () -- E:\Programe Windows 7\Join Air\UIExec.exe
PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\taskhost.exe
PRC - [2009/05/26 13:21:52 | 000,651,264 | ---- | M] (Nokia) -- F:\Program Files\Nokia\PC Internet Access\NPCIA.exe
PRC - [2009/05/11 23:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- F:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/03/30 14:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- E:\Programe Windows 7\MagicDisc\MagicDisc.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- F:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/10 13:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/06/20 18:14:00 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- F:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/01/08 04:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- F:\Windows\OEM13Mon.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- F:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/09/29 19:14:24 | 000,459,032 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- F:\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00078_033\avcuf32.dll
MOD - [2011/09/21 21:59:40 | 000,015,624 | ---- | M] (Bitdefender) -- F:\Program Files\Bitdefender\Bitdefender 2012\pchook32.dll
MOD - [2011/07/16 07:34:28 | 000,290,816 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\KernelBase.dll
MOD - [2011/06/11 01:58:52 | 000,773,968 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msvcr100.dll
MOD - [2010/09/23 11:14:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Kituri\OTL Antispyware\OTL.com
MOD - [2010/08/21 08:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- F:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 04:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\sspicli.dll
MOD - [2009/07/14 04:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\sechost.dll
MOD - [2009/07/14 04:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\profapi.dll
MOD - [2009/07/14 04:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 04:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\devobj.dll
MOD - [2009/07/14 04:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 04:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 04:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2011/09/21 22:01:24 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- F:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/09/21 22:01:14 | 000,066,608 | ---- | M] (BitDefender) [Auto | Running] -- F:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV - [2011/09/21 22:00:03 | 001,538,472 | ---- | M] (Bitdefender) [Auto | Running] -- F:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (vsserv)
SRV - [2011/09/21 21:59:59 | 000,050,128 | ---- | M] (Bitdefender) [Auto | Running] -- F:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- F:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2011/03/28 06:20:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/01 04:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- F:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/19 08:33:11 | 000,802,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011/02/14 05:16:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- F:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/23 11:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/23 03:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 01:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/03/19 03:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/19 00:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/19 00:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/19 00:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/19 00:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/19 00:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/10/10 21:57:50 | 000,246,272 | ---- | M] () [Auto | Running] -- E:\Programe Windows 7\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/07/23 06:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/07/14 04:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 04:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 04:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 04:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 04:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 04:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 04:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- F:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 04:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 04:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 04:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 04:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 04:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 04:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 04:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- F:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 04:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 04:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 04:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/03/30 14:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 14:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 14:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- F:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/10 13:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- F:\Windows\System32\DRIVERS\UimBus.sys -- (UimBus)
DRV - File not found [Kernel | System | Stopped] -- F:\Windows\System32\Drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011/09/21 22:00:08 | 000,596,600 | ---- | M] (BitDefender) [File_System | Boot | Running] -- F:\Windows\system32\DRIVERS\avc3.sys -- (avc3)
DRV - [2011/09/21 21:59:22 | 000,454,960 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- F:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2011/09/09 15:03:34 | 000,062,544 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- F:\Windows\System32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/09/09 15:03:29 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- F:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011/07/22 20:20:05 | 000,311,248 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- F:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2011/07/19 16:20:36 | 000,127,056 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- F:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/15 16:11:46 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV - [2011/06/25 22:28:56 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- F:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/06/10 06:34:52 | 000,394,856 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- F:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2011/03/11 08:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2011/03/11 08:43:55 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011/03/11 08:43:46 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\amdsata.sys -- (amdsata)
DRV - [2011/03/11 08:43:46 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\system32\drivers\amdxata.sys -- (amdxata)
DRV - [2011/03/01 17:45:36 | 000,074,320 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- f:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2010/09/23 11:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/09/09 02:42:16 | 000,230,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- F:\Windows\System32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- F:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/11 10:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- F:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/12/09 08:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/09/27 19:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/27 19:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/27 19:46:30 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/27 19:46:14 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/09/25 00:03:06 | 000,078,336 | ---- | M] ( Everstrike Software) [Kernel | Boot | Running] -- F:\Windows\System32\Drivers\US4Vista.sys -- (US30Sys)
DRV - [2009/08/20 00:35:00 | 009,787,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/14 04:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 04:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 04:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 04:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 04:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 04:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 04:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 04:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 04:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 04:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 04:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 04:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 04:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 04:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 04:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 04:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 04:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- F:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 04:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 04:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 04:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 04:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 04:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 04:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- F:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 04:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- F:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 04:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 04:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 04:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- F:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 04:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 04:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 04:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- F:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 04:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 04:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 04:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- F:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 03:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 03:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 03:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 02:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 02:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 02:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 02:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 02:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 02:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 02:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 02:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 02:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 02:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 02:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 02:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- F:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 02:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 02:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 02:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 02:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 01:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 01:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 01:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 01:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 01:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 01:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 01:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 01:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/08 11:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/03/30 14:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/20 18:37:00 | 000,200,112 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/05/29 04:01:00 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2008/05/07 03:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- F:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/11/06 09:06:48 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- F:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2007/03/05 21:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- F:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2005/11/15 00:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- F:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ro
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 EA 60 FE CF CB CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: E:\Programe Windows 7\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: E:\Programe Windows 7\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: E:\Programe Windows 7\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\KavAntiBanner@kaspersky.ru File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: F:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/06/30 22:04:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: F:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/06/30 22:04:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: F:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011/09/06 18:27:22 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/28 09:54:48 | 000,000,854 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - F:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - F:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - F:\Program Files\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - F:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - F:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - F:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - F:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - F:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - F:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programe Windows 7\Adobe\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] F:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DELL Webcam Manager] F:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] F:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] F:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM13Mon.exe] F:\Windows\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [UIExec] E:\Programe Windows 7\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DownloadAccelerator] F:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NokiaOviSuite2] F:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [NokiaPCInternetAccess] F:\Program Files\Nokia\PC Internet Access\NPCIA.exe (Nokia)
O4 - Startup: F:\Users\Fane Duru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = E:\Programe Windows 7\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - F:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: @F:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - F:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @F:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @F:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Trimitere la OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Trimit&ere la OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @F:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @F:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - F:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - F:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} [You must be registered and logged in to see this link.] (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - F:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - F:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\Programe Windows 7\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O30 - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - F:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/27 18:46:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999/10/15 18:40:38 | 000,000,051 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{09fc6a21-a271-11e0-b383-001e37f9f314}\Shell - "" = AutoRun
O33 - MountPoints2\{09fc6a21-a271-11e0-b383-001e37f9f314}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - F:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - F:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - F:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: F:^Users^Fane Duru^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KBHook.exe - Shortcut.lnk - E:\VB\VB.NET\Key Logger cu Tutorial\KBHook\bin\Debug\KBHook.exe - ()
MsConfig - StartUpFolder: F:^Users^Fane Duru^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - E:\Programe Windows 7\Adobe\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: swg - hkey= - key= - F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: US4Service - hkey= - key= - F:\ProgramData\Everstrike\US4Service.exe File not found
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

vangui

Newbie Surfer

Posts : 18
Joined : 2010-09-19
Operating System : Windows 7


Re: Virus sending mails

Post by vangui on Tue 11 Oct 2011, 9:12 pm

next part of OTL.txt:

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - F:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: US30Sys.sys - F:\Windows\System32\Drivers\US4Vista.sys ( Everstrike Software)
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - F:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - F:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - F:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - F:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - F:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {64F9AD68-2390-9918-9FF3-02340AC0ABE0} - Microsoft Windows Media Player 12.0
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - F:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - F:\Windows\system32\Rundll32.exe F:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - F:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - F:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - F:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - F:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - F:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 22:34:12 | 000,039,472 | ---- | C] (Paragon Software Group) -- F:\Windows\System32\drivers\hotcore3.sys
[2011/10/09 22:23:13 | 000,000,000 | ---D | C] -- F:\Program Files\NuGet 1.2
[2011/10/09 21:28:30 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\Documents\My Web Sites
[2011/10/09 21:28:30 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\Documents\IISExpress
[2011/10/09 21:27:05 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft WebMatrix
[2011/10/09 21:09:54 | 000,000,000 | ---D | C] -- F:\Program Files\IIS Express
[2011/10/09 18:35:42 | 000,000,000 | ---D | C] -- F:\Users\Public\Documents\Speedbit
[2011/10/09 18:34:52 | 000,000,000 | ---D | C] -- F:\Program Files\SearchPredict
[2011/09/24 00:26:11 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\AppData\Roaming\Help
[2011/09/24 00:26:11 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\AppData\Local\Help
[2011/09/24 00:24:57 | 000,296,960 | ---- | C] (Microsoft Corporation) -- F:\Windows\winhlp32.exe
[2011/09/24 00:24:57 | 000,195,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ftsrch.dll
[2011/09/24 00:24:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ftlx041e.dll
[2011/09/24 00:24:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ftlx0411.dll
[2011/09/24 00:01:28 | 000,000,000 | ---D | C] -- F:\ProgramData\Windows Genuine Advantage
[2011/09/21 22:00:08 | 000,596,600 | ---- | C] (BitDefender) -- F:\Windows\System32\drivers\avc3.sys
[2011/09/21 21:59:22 | 000,454,960 | ---- | C] (BitDefender) -- F:\Windows\System32\drivers\avckf.sys
[2011/09/21 21:48:55 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\AppData\Roaming\Qualcomm
[2011/09/21 21:26:12 | 001,712,128 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\gdiplus.dll
[2011/09/21 21:26:12 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- F:\Windows\System32\Roboex32.dll
[2011/09/21 21:26:12 | 000,048,640 | ---- | C] (Blue Sky Software) -- F:\Windows\System32\INETWH32.DLL
[2011/09/18 17:42:05 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- F:\Windows\System32\AdobePDFUI.dll

========== Files - Modified Within 30 Days ==========

[2011/10/11 12:43:18 | 017,825,792 | -HS- | M] () -- F:\Users\Fane Duru\ntuser.dat
[2011/10/11 12:38:01 | 000,001,102 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/11 12:36:31 | 000,000,303 | ---- | M] () -- F:\Windows\System32\checkdnsid.xml
[2011/10/11 12:34:18 | 000,001,545 | ---- | M] () -- F:\Users\Fane Duru\Desktop\My DAP Downloads.lnk
[2011/10/11 12:28:02 | 000,001,134 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1098476408-3626734880-3832598549-1000UA.job
[2011/10/11 10:17:35 | 000,018,464 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 10:17:35 | 000,018,464 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 10:06:05 | 000,001,098 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 10:05:52 | 000,000,006 | -H-- | M] () -- F:\Windows\tasks\SA.DAT
[2011/10/11 10:05:27 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2011/10/11 10:05:12 | 1609,375,744 | -HS- | M] () -- F:\hiberfil.sys
[2011/10/10 23:47:08 | 003,641,396 | -H-- | M] () -- F:\Users\Fane Duru\AppData\Local\IconCache.db
[2011/10/10 21:51:03 | 000,771,584 | ---- | M] () -- F:\Users\Fane Duru\Documents\ILR_Quality Indexes Report Septembrie (2011) v 9 - english (2).xls
[2011/10/10 20:29:36 | 000,135,680 | ---- | M] () -- F:\Users\Fane Duru\Documents\589 ROMTELECOM rev. 01.doc
[2011/10/10 19:28:03 | 000,001,082 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1098476408-3626734880-3832598549-1000Core.job
[2011/10/10 15:27:21 | 000,875,106 | ---- | M] () -- F:\Windows\System32\PerfStringBackup.INI
[2011/10/10 15:27:21 | 000,721,276 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2011/10/10 15:27:21 | 000,147,238 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2011/10/09 18:35:43 | 000,000,919 | ---- | M] () -- F:\Users\Fane Duru\Desktop\SPEEDbit Video Downloader.lnk
[2011/10/09 18:35:43 | 000,000,853 | ---- | M] () -- F:\Users\Fane Duru\Desktop\My Video Downloads .lnk
[2011/10/09 10:52:51 | 000,001,644 | ---- | M] () -- F:\Users\Fane Duru\Application Data\Microsoft\Internet Explorer\Quick Launch\Interactive - Excel 2003 to Excel 2007 command reference.exe - Shortcut.lnk
[2011/10/09 10:46:46 | 000,001,877 | ---- | M] () -- F:\Users\Fane Duru\Desktop\Quick Launch - Shortcut.lnk
[2011/10/07 23:34:49 | 000,001,521 | ---- | M] () -- F:\Users\Fane Duru\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide_Window.exe - Shortcut.lnk
[2011/10/07 23:06:48 | 000,013,312 | ---- | M] () -- F:\Users\Fane Duru\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/07 10:30:55 | 000,002,428 | ---- | M] () -- F:\Users\Fane Duru\Desktop\Google Chrome.lnk
[2011/10/04 20:45:07 | 000,213,504 | ---- | M] () -- F:\Users\Fane Duru\Documents\585 ILG.doc
[2011/10/04 19:51:40 | 001,451,008 | ---- | M] () -- F:\Users\Fane Duru\Documents\588 PIRAEUS BANK .doc
[2011/09/28 00:19:17 | 000,000,235 | ---- | M] () -- F:\srch_1.gif
[2011/09/21 22:00:08 | 000,596,600 | ---- | M] (BitDefender) -- F:\Windows\System32\drivers\avc3.sys
[2011/09/21 21:59:22 | 000,454,960 | ---- | M] (BitDefender) -- F:\Windows\System32\drivers\avckf.sys
[2011/09/14 22:49:01 | 000,114,176 | ---- | M] () -- F:\Users\Fane Duru\Documents\569 Heartz Lease rev.01.doc
[2011/09/14 22:46:11 | 000,113,664 | ---- | M] () -- F:\Users\Fane Duru\Documents\573 Flipchart rev.01.doc
[2011/09/14 22:40:16 | 000,123,904 | ---- | M] () -- F:\Users\Fane Duru\Documents\571 Edenred rev.01.doc
[2011/09/14 13:48:10 | 000,001,988 | ---- | M] () -- F:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/13 13:22:01 | 001,668,608 | ---- | M] () -- F:\Users\Fane Duru\Documents\Daily Delivery Report.xls
[2011/09/12 19:18:46 | 000,041,984 | ---- | M] () -- F:\Users\Fane Duru\Documents\Work Accidents Plan 2011.xls

========== Files Created - No Company Name ==========

[2011/10/10 21:50:59 | 000,771,584 | ---- | C] () -- F:\Users\Fane Duru\Documents\ILR_Quality Indexes Report Septembrie (2011) v 9 - english (2).xls
[2011/10/10 19:11:15 | 000,135,680 | ---- | C] () -- F:\Users\Fane Duru\Documents\589 ROMTELECOM rev. 01.doc
[2011/10/09 22:34:11 | 000,247,560 | ---- | C] () -- F:\Windows\System32\prgiso.dll
[2011/10/09 22:34:10 | 004,244,744 | ---- | C] () -- F:\Windows\System32\qtp-mt334.dll
[2011/10/09 22:34:10 | 000,013,576 | ---- | C] () -- F:\Windows\System32\wnaspi32.dll
[2011/10/09 18:35:43 | 000,000,919 | ---- | C] () -- F:\Users\Fane Duru\Desktop\SPEEDbit Video Downloader.lnk
[2011/10/09 18:35:43 | 000,000,853 | ---- | C] () -- F:\Users\Fane Duru\Desktop\My Video Downloads .lnk
[2011/10/09 10:52:51 | 000,001,644 | ---- | C] () -- F:\Users\Fane Duru\Application Data\Microsoft\Internet Explorer\Quick Launch\Interactive - Excel 2003 to Excel 2007 command reference.exe - Shortcut.lnk
[2011/10/09 10:46:46 | 000,001,877 | ---- | C] () -- F:\Users\Fane Duru\Desktop\Quick Launch - Shortcut.lnk
[2011/10/07 23:34:49 | 000,001,521 | ---- | C] () -- F:\Users\Fane Duru\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide_Window.exe - Shortcut.lnk
[2011/10/04 20:45:05 | 000,213,504 | ---- | C] () -- F:\Users\Fane Duru\Documents\585 ILG.doc
[2011/10/04 19:51:38 | 001,451,008 | ---- | C] () -- F:\Users\Fane Duru\Documents\588 PIRAEUS BANK .doc
[2011/09/28 00:19:17 | 000,000,235 | ---- | C] () -- F:\srch_1.gif
[2011/09/14 22:46:10 | 000,113,664 | ---- | C] () -- F:\Users\Fane Duru\Documents\573 Flipchart rev.01.doc
[2011/09/14 22:40:15 | 000,123,904 | ---- | C] () -- F:\Users\Fane Duru\Documents\571 Edenred rev.01.doc
[2011/09/14 22:36:24 | 000,114,176 | ---- | C] () -- F:\Users\Fane Duru\Documents\569 Heartz Lease rev.01.doc
[2011/09/13 00:14:44 | 001,668,608 | ---- | C] () -- F:\Users\Fane Duru\Documents\Daily Delivery Report.xls
[2011/09/12 18:56:31 | 000,041,984 | ---- | C] () -- F:\Users\Fane Duru\Documents\Work Accidents Plan 2011.xls
[2011/09/05 21:19:40 | 000,013,312 | ---- | C] () -- F:\Users\Fane Duru\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/07 23:01:06 | 000,235,388 | ---- | C] () -- F:\ProgramData\1312746489.bdinstall.bin
[2011/08/07 22:42:53 | 000,015,532 | ---- | C] () -- F:\ProgramData\1312746135.bdinstall.bin
[2011/08/07 22:36:53 | 000,015,532 | ---- | C] () -- F:\ProgramData\1312745806.bdinstall.bin
[2011/08/07 22:31:12 | 000,159,692 | ---- | C] () -- F:\ProgramData\1312745267.bdinstall.bin
[2011/06/26 22:51:51 | 000,339,456 | ---- | C] () -- F:\Windows\System32\Tx32.dll
[2011/06/25 23:38:30 | 000,000,061 | ---- | C] () -- F:\Windows\dcmvwr.INI
[2011/06/25 22:28:55 | 000,722,416 | ---- | C] () -- F:\Windows\System32\drivers\sptd.sys
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- F:\Windows\System32\RtNicProp32.dll
[2011/05/09 12:28:15 | 000,000,185 | ---- | C] () -- F:\Windows\mdm.ini
[2011/05/09 12:27:56 | 000,000,288 | ---- | C] () -- F:\Windows\ODBC.INI
[2011/05/09 11:57:09 | 000,000,000 | ---- | C] () -- F:\Windows\MSJAVA.DLL
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- F:\Windows\System32\xlive.dll.cat
[2011/02/19 04:11:34 | 000,007,613 | ---- | C] () -- F:\Users\Fane Duru\AppData\Local\Resmon.ResmonCfg
[2011/02/17 09:31:34 | 000,036,588 | ---- | C] () -- F:\Users\Fane Duru\AppData\Roaming\Comma Separated Values (DOS).ADR
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll
[2008/10/07 20:13:30 | 000,197,912 | ---- | C] () -- F:\Windows\System32\physxcudart_20.dll
[2008/10/07 20:13:22 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelFrench.dll
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- F:\Windows\System32\WdfCoInstaller01000.dll
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- F:\Windows\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- F:\Windows\FRONTPG.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/04/08 14:11:59 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\dxtmsft.dll
[2011/04/08 14:11:59 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\dxtrans.dll
[2009/06/11 00:29:29 | 011,967,524 | ---- | M] () Unable to obtain MD5 -- F:\Windows\System32\korwbrkr.lex
[2009/07/14 00:04:05 | 000,043,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\msdxm.tlb
[2011/07/22 05:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\mshtml.tlb
[2009/07/14 02:43:53 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\stdole2.tlb
[2009/07/14 04:14:10 | 000,122,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\wshom.ocx

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) Unable to obtain MD5 -- F:\Windows\System32\drivers\bdfsfltr.sys
[2011/06/25 22:28:56 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- F:\Windows\System32\drivers\sptd.sys

< %PROGRAMFILES%\*. >
[2011/03/26 16:28:51 | 000,000,000 | ---D | M] -- F:\Program Files\Adobe
[2011/02/17 07:32:18 | 000,000,000 | ---D | M] -- F:\Program Files\AGEIA Technologies
[2011/06/23 19:11:57 | 000,000,000 | ---D | M] -- F:\Program Files\Ant.com
[2011/08/07 22:56:42 | 000,000,000 | ---D | M] -- F:\Program Files\Bitdefender
[2011/09/05 00:49:16 | 000,000,000 | ---D | M] -- F:\Program Files\Common Files
[2011/09/05 00:49:44 | 000,000,000 | ---D | M] -- F:\Program Files\Creative
[2011/09/05 00:47:39 | 000,000,000 | ---D | M] -- F:\Program Files\Creative Live! Cam
[2011/03/26 16:51:15 | 000,000,000 | ---D | M] -- F:\Program Files\CustomUIEditor
[2011/02/17 01:26:48 | 000,000,000 | ---D | M] -- F:\Program Files\DAP
[2011/09/05 00:47:16 | 000,000,000 | ---D | M] -- F:\Program Files\Dell
[2011/06/30 22:03:40 | 000,000,000 | ---D | M] -- F:\Program Files\DIFX
[2011/03/26 16:57:13 | 000,000,000 | ---D | M] -- F:\Program Files\DVD Maker
[2011/02/14 04:17:57 | 000,000,000 | ---D | M] -- F:\Program Files\Google
[2011/02/19 11:28:16 | 000,000,000 | ---D | M] -- F:\Program Files\HTML Help Workshop
[2011/10/09 21:06:21 | 000,000,000 | ---D | M] -- F:\Program Files\IIS
[2011/10/09 21:10:49 | 000,000,000 | ---D | M] -- F:\Program Files\IIS Express
[2011/02/18 09:23:45 | 000,000,000 | ---D | M] -- F:\Program Files\iMesh Applications
[2011/10/09 22:34:52 | 000,000,000 | -H-D | M] -- F:\Program Files\InstallShield Installation Information
[2011/03/27 06:07:50 | 000,000,000 | ---D | M] -- F:\Program Files\InstantEyedropper
[2011/08/11 17:54:44 | 000,000,000 | ---D | M] -- F:\Program Files\Internet Explorer
[2011/07/04 23:07:03 | 000,000,000 | ---D | M] -- F:\Program Files\Java
[2011/04/01 12:52:27 | 000,000,000 | ---D | M] -- F:\Program Files\Kaspersky Lab
[2011/03/31 12:32:49 | 000,000,000 | ---D | M] -- F:\Program Files\McAfee Security Scan
[2011/10/09 20:59:23 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft
[2011/10/09 22:16:48 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft ASP.NET
[2011/02/14 10:58:44 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/02/19 05:30:26 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Expression
[2011/02/19 11:24:31 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft F#
[2011/02/16 01:01:17 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Games
[2011/05/06 14:16:45 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Games for Windows - LIVE
[2011/02/19 02:09:45 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Help Viewer
[2011/07/01 21:05:30 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Office
[2011/02/20 01:16:09 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft SDKs
[2011/06/16 18:50:49 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Silverlight
[2011/02/19 02:32:47 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft SQL Server
[2011/10/09 21:17:50 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft SQL Server Compact Edition
[2011/02/19 11:52:34 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Sync Framework
[2011/02/19 02:12:48 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Synchronization Services
[2011/05/09 12:25:35 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Visual Studio
[2011/02/20 00:53:05 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Visual Studio 10.0
[2011/02/14 09:35:56 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Visual Studio 8
[2011/02/19 06:52:30 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Visual Studio 9.0
[2011/10/09 21:28:05 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft WebMatrix
[2011/02/14 10:54:52 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Works
[2011/02/20 00:51:01 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft XDE
[2011/02/19 05:04:31 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft XNA
[2011/02/19 02:31:32 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft.NET
[2011/02/20 00:53:16 | 000,000,000 | ---D | M] -- F:\Program Files\MSBuild
[2011/07/01 14:51:27 | 000,000,000 | ---D | M] -- F:\Program Files\MSXML 4.0
[2011/06/30 22:04:00 | 000,000,000 | ---D | M] -- F:\Program Files\Nokia
[2011/10/09 22:23:13 | 000,000,000 | ---D | M] -- F:\Program Files\NuGet 1.2
[2011/06/12 20:29:40 | 000,000,000 | ---D | M] -- F:\Program Files\Passware
[2011/06/30 22:02:34 | 000,000,000 | ---D | M] -- F:\Program Files\PC Connectivity Solution
[2011/06/26 23:29:06 | 000,000,000 | ---D | M] -- F:\Program Files\Primal Pictures
[2009/07/14 07:52:30 | 000,000,000 | ---D | M] -- F:\Program Files\Reference Assemblies
[2011/10/09 18:34:52 | 000,000,000 | ---D | M] -- F:\Program Files\SearchPredict
[2011/05/25 21:49:14 | 000,000,000 | ---D | M] -- F:\Program Files\SopCast
[2011/02/18 06:45:26 | 000,000,000 | ---D | M] -- F:\Program Files\Synaptics
[2009/07/14 07:53:23 | 000,000,000 | -H-D | M] -- F:\Program Files\Uninstall Information
[2011/03/31 12:09:56 | 000,000,000 | ---D | M] -- F:\Program Files\uTorrent
[2011/05/09 16:09:11 | 000,000,000 | ---D | M] -- F:\Program Files\Visual Basic for Windows Phone Developer Tools - RTW
[2011/05/09 12:25:40 | 000,000,000 | ---D | M] -- F:\Program Files\Web Publish
[2011/03/26 16:57:13 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Defender
[2011/03/26 16:57:13 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Journal
[2011/02/18 08:00:04 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Live
[2011/02/17 02:32:38 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Loader v1.9.2 - By Daz
[2011/03/26 16:57:13 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Mail
[2011/03/27 03:04:21 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Media Player
[2009/07/14 07:52:30 | 000,000,000 | ---D | M] -- F:\Program Files\Windows NT
[2011/03/26 16:56:18 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Photo Viewer
[2011/03/26 16:56:18 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Portable Devices
[2011/08/01 18:47:24 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Sidebar
[2011/02/14 04:19:12 | 000,000,000 | ---D | M] -- F:\Program Files\WinZip
[2011/02/19 05:30:04 | 000,000,000 | ---D | M] -- F:\Program Files\WPF Toolkit
[2011/03/26 16:51:04 | 000,000,000 | ---D | M] -- F:\Program Files\XML Notepad 2007
[2011/08/02 23:03:25 | 000,000,000 | ---D | M] -- F:\Program Files\Yahoo!
[2011/09/09 20:21:05 | 000,000,000 | ---D | M] -- F:\Program Files\Zune


< MD5 for: AGP440.SYS >
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\System32\drivers\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 04:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- F:\Windows\System32\drivers\disk.sys
[2009/07/14 04:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- F:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 04:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- F:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\794bc4da2d62a8fefe8c\b2662a9ed0d5e63b02478e\2a414b1b883f6e3f2f0f4c\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\System32\netlogon.dll
[2009/07/14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 08:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- F:\Windows\System32\drivers\nvstor.sys
[2011/03/11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 08:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 08:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- F:\794bc4da2d62a8fefe8c\b2662a9ed0d5e63b02478e\2a414b1b883f6e3f2f0f4c\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-28 21:23:32

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "F:\Windows\System32\ie4uinit.exe" -show [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "F:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "F:\Windows\System32\ie4uinit.exe" -hide [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "F:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/08 14:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: F:\Program Files\Internet Explorer\iexplore.exe [2011/04/08 14:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "F:\Windows\System32\ie4uinit.exe" -show [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "F:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "F:\Windows\System32\ie4uinit.exe" -hide [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "F:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/08 14:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: F:\Program Files\Internet Explorer\iexplore.exe [2011/04/08 14:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> F:\Users\Fane Duru\Desktop\My DAP Downloads.lnk:BDU
@Alternate Data Stream - 120 bytes -> F:\ProgramData\TEMP:D5AD7675
@Alternate Data Stream - 112 bytes -> F:\ProgramData\TEMP:2B11E0DF

< End of report >

vangui

Newbie Surfer

Posts : 18
Joined : 2010-09-19
Operating System : Windows 7

Re: Virus sending mails

Post by vangui on Tue 11 Oct 2011, 9:14 pm

and Extras.txt:

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - F:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: US30Sys.sys - F:\Windows\System32\Drivers\US4Vista.sys ( Everstrike Software)
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - F:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - F:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - F:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - F:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - F:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {64F9AD68-2390-9918-9FF3-02340AC0ABE0} - Microsoft Windows Media Player 12.0
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - F:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - F:\Windows\system32\Rundll32.exe F:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - F:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - F:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - F:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - F:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - F:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 22:34:12 | 000,039,472 | ---- | C] (Paragon Software Group) -- F:\Windows\System32\drivers\hotcore3.sys
[2011/10/09 22:23:13 | 000,000,000 | ---D | C] -- F:\Program Files\NuGet 1.2
[2011/10/09 21:28:30 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\Documents\My Web Sites
[2011/10/09 21:28:30 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\Documents\IISExpress
[2011/10/09 21:27:05 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft WebMatrix
[2011/10/09 21:09:54 | 000,000,000 | ---D | C] -- F:\Program Files\IIS Express
[2011/10/09 18:35:42 | 000,000,000 | ---D | C] -- F:\Users\Public\Documents\Speedbit
[2011/10/09 18:34:52 | 000,000,000 | ---D | C] -- F:\Program Files\SearchPredict
[2011/09/24 00:26:11 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\AppData\Roaming\Help
[2011/09/24 00:26:11 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\AppData\Local\Help
[2011/09/24 00:24:57 | 000,296,960 | ---- | C] (Microsoft Corporation) -- F:\Windows\winhlp32.exe
[2011/09/24 00:24:57 | 000,195,072 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ftsrch.dll
[2011/09/24 00:24:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ftlx041e.dll
[2011/09/24 00:24:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ftlx0411.dll
[2011/09/24 00:01:28 | 000,000,000 | ---D | C] -- F:\ProgramData\Windows Genuine Advantage
[2011/09/21 22:00:08 | 000,596,600 | ---- | C] (BitDefender) -- F:\Windows\System32\drivers\avc3.sys
[2011/09/21 21:59:22 | 000,454,960 | ---- | C] (BitDefender) -- F:\Windows\System32\drivers\avckf.sys
[2011/09/21 21:48:55 | 000,000,000 | ---D | C] -- F:\Users\Fane Duru\AppData\Roaming\Qualcomm
[2011/09/21 21:26:12 | 001,712,128 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\gdiplus.dll
[2011/09/21 21:26:12 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- F:\Windows\System32\Roboex32.dll
[2011/09/21 21:26:12 | 000,048,640 | ---- | C] (Blue Sky Software) -- F:\Windows\System32\INETWH32.DLL
[2011/09/18 17:42:05 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- F:\Windows\System32\AdobePDFUI.dll

========== Files - Modified Within 30 Days ==========

[2011/10/11 12:43:18 | 017,825,792 | -HS- | M] () -- F:\Users\Fane Duru\ntuser.dat
[2011/10/11 12:38:01 | 000,001,102 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/11 12:36:31 | 000,000,303 | ---- | M] () -- F:\Windows\System32\checkdnsid.xml
[2011/10/11 12:34:18 | 000,001,545 | ---- | M] () -- F:\Users\Fane Duru\Desktop\My DAP Downloads.lnk
[2011/10/11 12:28:02 | 000,001,134 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1098476408-3626734880-3832598549-1000UA.job
[2011/10/11 10:17:35 | 000,018,464 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 10:17:35 | 000,018,464 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/11 10:06:05 | 000,001,098 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 10:05:52 | 000,000,006 | -H-- | M] () -- F:\Windows\tasks\SA.DAT
[2011/10/11 10:05:27 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2011/10/11 10:05:12 | 1609,375,744 | -HS- | M] () -- F:\hiberfil.sys
[2011/10/10 23:47:08 | 003,641,396 | -H-- | M] () -- F:\Users\Fane Duru\AppData\Local\IconCache.db
[2011/10/10 21:51:03 | 000,771,584 | ---- | M] () -- F:\Users\Fane Duru\Documents\ILR_Quality Indexes Report Septembrie (2011) v 9 - english (2).xls
[2011/10/10 20:29:36 | 000,135,680 | ---- | M] () -- F:\Users\Fane Duru\Documents\589 ROMTELECOM rev. 01.doc
[2011/10/10 19:28:03 | 000,001,082 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1098476408-3626734880-3832598549-1000Core.job
[2011/10/10 15:27:21 | 000,875,106 | ---- | M] () -- F:\Windows\System32\PerfStringBackup.INI
[2011/10/10 15:27:21 | 000,721,276 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2011/10/10 15:27:21 | 000,147,238 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2011/10/09 18:35:43 | 000,000,919 | ---- | M] () -- F:\Users\Fane Duru\Desktop\SPEEDbit Video Downloader.lnk
[2011/10/09 18:35:43 | 000,000,853 | ---- | M] () -- F:\Users\Fane Duru\Desktop\My Video Downloads .lnk
[2011/10/09 10:52:51 | 000,001,644 | ---- | M] () -- F:\Users\Fane Duru\Application Data\Microsoft\Internet Explorer\Quick Launch\Interactive - Excel 2003 to Excel 2007 command reference.exe - Shortcut.lnk
[2011/10/09 10:46:46 | 000,001,877 | ---- | M] () -- F:\Users\Fane Duru\Desktop\Quick Launch - Shortcut.lnk
[2011/10/07 23:34:49 | 000,001,521 | ---- | M] () -- F:\Users\Fane Duru\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide_Window.exe - Shortcut.lnk
[2011/10/07 23:06:48 | 000,013,312 | ---- | M] () -- F:\Users\Fane Duru\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/07 10:30:55 | 000,002,428 | ---- | M] () -- F:\Users\Fane Duru\Desktop\Google Chrome.lnk
[2011/10/04 20:45:07 | 000,213,504 | ---- | M] () -- F:\Users\Fane Duru\Documents\585 ILG.doc
[2011/10/04 19:51:40 | 001,451,008 | ---- | M] () -- F:\Users\Fane Duru\Documents\588 PIRAEUS BANK .doc
[2011/09/28 00:19:17 | 000,000,235 | ---- | M] () -- F:\srch_1.gif
[2011/09/21 22:00:08 | 000,596,600 | ---- | M] (BitDefender) -- F:\Windows\System32\drivers\avc3.sys
[2011/09/21 21:59:22 | 000,454,960 | ---- | M] (BitDefender) -- F:\Windows\System32\drivers\avckf.sys
[2011/09/14 22:49:01 | 000,114,176 | ---- | M] () -- F:\Users\Fane Duru\Documents\569 Heartz Lease rev.01.doc
[2011/09/14 22:46:11 | 000,113,664 | ---- | M] () -- F:\Users\Fane Duru\Documents\573 Flipchart rev.01.doc
[2011/09/14 22:40:16 | 000,123,904 | ---- | M] () -- F:\Users\Fane Duru\Documents\571 Edenred rev.01.doc
[2011/09/14 13:48:10 | 000,001,988 | ---- | M] () -- F:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/13 13:22:01 | 001,668,608 | ---- | M] () -- F:\Users\Fane Duru\Documents\Daily Delivery Report.xls
[2011/09/12 19:18:46 | 000,041,984 | ---- | M] () -- F:\Users\Fane Duru\Documents\Work Accidents Plan 2011.xls

========== Files Created - No Company Name ==========

[2011/10/10 21:50:59 | 000,771,584 | ---- | C] () -- F:\Users\Fane Duru\Documents\ILR_Quality Indexes Report Septembrie (2011) v 9 - english (2).xls
[2011/10/10 19:11:15 | 000,135,680 | ---- | C] () -- F:\Users\Fane Duru\Documents\589 ROMTELECOM rev. 01.doc
[2011/10/09 22:34:11 | 000,247,560 | ---- | C] () -- F:\Windows\System32\prgiso.dll
[2011/10/09 22:34:10 | 004,244,744 | ---- | C] () -- F:\Windows\System32\qtp-mt334.dll
[2011/10/09 22:34:10 | 000,013,576 | ---- | C] () -- F:\Windows\System32\wnaspi32.dll
[2011/10/09 18:35:43 | 000,000,919 | ---- | C] () -- F:\Users\Fane Duru\Desktop\SPEEDbit Video Downloader.lnk
[2011/10/09 18:35:43 | 000,000,853 | ---- | C] () -- F:\Users\Fane Duru\Desktop\My Video Downloads .lnk
[2011/10/09 10:52:51 | 000,001,644 | ---- | C] () -- F:\Users\Fane Duru\Application Data\Microsoft\Internet Explorer\Quick Launch\Interactive - Excel 2003 to Excel 2007 command reference.exe - Shortcut.lnk
[2011/10/09 10:46:46 | 000,001,877 | ---- | C] () -- F:\Users\Fane Duru\Desktop\Quick Launch - Shortcut.lnk
[2011/10/07 23:34:49 | 000,001,521 | ---- | C] () -- F:\Users\Fane Duru\Application Data\Microsoft\Internet Explorer\Quick Launch\Hide_Window.exe - Shortcut.lnk
[2011/10/04 20:45:05 | 000,213,504 | ---- | C] () -- F:\Users\Fane Duru\Documents\585 ILG.doc
[2011/10/04 19:51:38 | 001,451,008 | ---- | C] () -- F:\Users\Fane Duru\Documents\588 PIRAEUS BANK .doc
[2011/09/28 00:19:17 | 000,000,235 | ---- | C] () -- F:\srch_1.gif
[2011/09/14 22:46:10 | 000,113,664 | ---- | C] () -- F:\Users\Fane Duru\Documents\573 Flipchart rev.01.doc
[2011/09/14 22:40:15 | 000,123,904 | ---- | C] () -- F:\Users\Fane Duru\Documents\571 Edenred rev.01.doc
[2011/09/14 22:36:24 | 000,114,176 | ---- | C] () -- F:\Users\Fane Duru\Documents\569 Heartz Lease rev.01.doc
[2011/09/13 00:14:44 | 001,668,608 | ---- | C] () -- F:\Users\Fane Duru\Documents\Daily Delivery Report.xls
[2011/09/12 18:56:31 | 000,041,984 | ---- | C] () -- F:\Users\Fane Duru\Documents\Work Accidents Plan 2011.xls
[2011/09/05 21:19:40 | 000,013,312 | ---- | C] () -- F:\Users\Fane Duru\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/07 23:01:06 | 000,235,388 | ---- | C] () -- F:\ProgramData\1312746489.bdinstall.bin
[2011/08/07 22:42:53 | 000,015,532 | ---- | C] () -- F:\ProgramData\1312746135.bdinstall.bin
[2011/08/07 22:36:53 | 000,015,532 | ---- | C] () -- F:\ProgramData\1312745806.bdinstall.bin
[2011/08/07 22:31:12 | 000,159,692 | ---- | C] () -- F:\ProgramData\1312745267.bdinstall.bin
[2011/06/26 22:51:51 | 000,339,456 | ---- | C] () -- F:\Windows\System32\Tx32.dll
[2011/06/25 23:38:30 | 000,000,061 | ---- | C] () -- F:\Windows\dcmvwr.INI
[2011/06/25 22:28:55 | 000,722,416 | ---- | C] () -- F:\Windows\System32\drivers\sptd.sys
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- F:\Windows\System32\RtNicProp32.dll
[2011/05/09 12:28:15 | 000,000,185 | ---- | C] () -- F:\Windows\mdm.ini
[2011/05/09 12:27:56 | 000,000,288 | ---- | C] () -- F:\Windows\ODBC.INI
[2011/05/09 11:57:09 | 000,000,000 | ---- | C] () -- F:\Windows\MSJAVA.DLL
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- F:\Windows\System32\xlive.dll.cat
[2011/02/19 04:11:34 | 000,007,613 | ---- | C] () -- F:\Users\Fane Duru\AppData\Local\Resmon.ResmonCfg
[2011/02/17 09:31:34 | 000,036,588 | ---- | C] () -- F:\Users\Fane Duru\AppData\Roaming\Comma Separated Values (DOS).ADR
[2009/07/14 02:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 02:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll
[2008/10/07 20:13:30 | 000,197,912 | ---- | C] () -- F:\Windows\System32\physxcudart_20.dll
[2008/10/07 20:13:22 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 20:13:20 | 000,058,648 | ---- | C] () -- F:\Windows\System32\AgCPanelFrench.dll
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- F:\Windows\System32\WdfCoInstaller01000.dll
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- F:\Windows\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- F:\Windows\FRONTPG.INI

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/04/08 14:11:59 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\dxtmsft.dll
[2011/04/08 14:11:59 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\dxtrans.dll
[2009/06/11 00:29:29 | 011,967,524 | ---- | M] () Unable to obtain MD5 -- F:\Windows\System32\korwbrkr.lex
[2009/07/14 00:04:05 | 000,043,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\msdxm.tlb
[2011/07/22 05:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\mshtml.tlb
[2009/07/14 02:43:53 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\stdole2.tlb
[2009/07/14 04:14:10 | 000,122,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- F:\Windows\System32\wshom.ocx

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) Unable to obtain MD5 -- F:\Windows\System32\drivers\bdfsfltr.sys
[2011/06/25 22:28:56 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- F:\Windows\System32\drivers\sptd.sys

< %PROGRAMFILES%\*. >
[2011/03/26 16:28:51 | 000,000,000 | ---D | M] -- F:\Program Files\Adobe
[2011/02/17 07:32:18 | 000,000,000 | ---D | M] -- F:\Program Files\AGEIA Technologies
[2011/06/23 19:11:57 | 000,000,000 | ---D | M] -- F:\Program Files\Ant.com
[2011/08/07 22:56:42 | 000,000,000 | ---D | M] -- F:\Program Files\Bitdefender
[2011/09/05 00:49:16 | 000,000,000 | ---D | M] -- F:\Program Files\Common Files
[2011/09/05 00:49:44 | 000,000,000 | ---D | M] -- F:\Program Files\Creative
[2011/09/05 00:47:39 | 000,000,000 | ---D | M] -- F:\Program Files\Creative Live! Cam
[2011/03/26 16:51:15 | 000,000,000 | ---D | M] -- F:\Program Files\CustomUIEditor
[2011/02/17 01:26:48 | 000,000,000 | ---D | M] -- F:\Program Files\DAP
[2011/09/05 00:47:16 | 000,000,000 | ---D | M] -- F:\Program Files\Dell
[2011/06/30 22:03:40 | 000,000,000 | ---D | M] -- F:\Program Files\DIFX
[2011/03/26 16:57:13 | 000,000,000 | ---D | M] -- F:\Program Files\DVD Maker
[2011/02/14 04:17:57 | 000,000,000 | ---D | M] -- F:\Program Files\Google
[2011/02/19 11:28:16 | 000,000,000 | ---D | M] -- F:\Program Files\HTML Help Workshop
[2011/10/09 21:06:21 | 000,000,000 | ---D | M] -- F:\Program Files\IIS
[2011/10/09 21:10:49 | 000,000,000 | ---D | M] -- F:\Program Files\IIS Express
[2011/02/18 09:23:45 | 000,000,000 | ---D | M] -- F:\Program Files\iMesh Applications
[2011/10/09 22:34:52 | 000,000,000 | -H-D | M] -- F:\Program Files\InstallShield Installation Information
[2011/03/27 06:07:50 | 000,000,000 | ---D | M] -- F:\Program Files\InstantEyedropper
[2011/08/11 17:54:44 | 000,000,000 | ---D | M] -- F:\Program Files\Internet Explorer
[2011/07/04 23:07:03 | 000,000,000 | ---D | M] -- F:\Program Files\Java
[2011/04/01 12:52:27 | 000,000,000 | ---D | M] -- F:\Program Files\Kaspersky Lab
[2011/03/31 12:32:49 | 000,000,000 | ---D | M] -- F:\Program Files\McAfee Security Scan
[2011/10/09 20:59:23 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft
[2011/10/09 22:16:48 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft ASP.NET
[2011/02/14 10:58:44 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/02/19 05:30:26 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Expression
[2011/02/19 11:24:31 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft F#
[2011/02/16 01:01:17 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Games
[2011/05/06 14:16:45 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Games for Windows - LIVE
[2011/02/19 02:09:45 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Help Viewer
[2011/07/01 21:05:30 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Office
[2011/02/20 01:16:09 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft SDKs
[2011/06/16 18:50:49 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Silverlight
[2011/02/19 02:32:47 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft SQL Server
[2011/10/09 21:17:50 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft SQL Server Compact Edition
[2011/02/19 11:52:34 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Sync Framework
[2011/02/19 02:12:48 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Synchronization Services
[2011/05/09 12:25:35 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Visual Studio
[2011/02/20 00:53:05 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Visual Studio 10.0
[2011/02/14 09:35:56 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Visual Studio 8
[2011/02/19 06:52:30 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Visual Studio 9.0
[2011/10/09 21:28:05 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft WebMatrix
[2011/02/14 10:54:52 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft Works
[2011/02/20 00:51:01 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft XDE
[2011/02/19 05:04:31 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft XNA
[2011/02/19 02:31:32 | 000,000,000 | ---D | M] -- F:\Program Files\Microsoft.NET
[2011/02/20 00:53:16 | 000,000,000 | ---D | M] -- F:\Program Files\MSBuild
[2011/07/01 14:51:27 | 000,000,000 | ---D | M] -- F:\Program Files\MSXML 4.0
[2011/06/30 22:04:00 | 000,000,000 | ---D | M] -- F:\Program Files\Nokia
[2011/10/09 22:23:13 | 000,000,000 | ---D | M] -- F:\Program Files\NuGet 1.2
[2011/06/12 20:29:40 | 000,000,000 | ---D | M] -- F:\Program Files\Passware
[2011/06/30 22:02:34 | 000,000,000 | ---D | M] -- F:\Program Files\PC Connectivity Solution
[2011/06/26 23:29:06 | 000,000,000 | ---D | M] -- F:\Program Files\Primal Pictures
[2009/07/14 07:52:30 | 000,000,000 | ---D | M] -- F:\Program Files\Reference Assemblies
[2011/10/09 18:34:52 | 000,000,000 | ---D | M] -- F:\Program Files\SearchPredict
[2011/05/25 21:49:14 | 000,000,000 | ---D | M] -- F:\Program Files\SopCast
[2011/02/18 06:45:26 | 000,000,000 | ---D | M] -- F:\Program Files\Synaptics
[2009/07/14 07:53:23 | 000,000,000 | -H-D | M] -- F:\Program Files\Uninstall Information
[2011/03/31 12:09:56 | 000,000,000 | ---D | M] -- F:\Program Files\uTorrent
[2011/05/09 16:09:11 | 000,000,000 | ---D | M] -- F:\Program Files\Visual Basic for Windows Phone Developer Tools - RTW
[2011/05/09 12:25:40 | 000,000,000 | ---D | M] -- F:\Program Files\Web Publish
[2011/03/26 16:57:13 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Defender
[2011/03/26 16:57:13 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Journal
[2011/02/18 08:00:04 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Live
[2011/02/17 02:32:38 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Loader v1.9.2 - By Daz
[2011/03/26 16:57:13 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Mail
[2011/03/27 03:04:21 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Media Player
[2009/07/14 07:52:30 | 000,000,000 | ---D | M] -- F:\Program Files\Windows NT
[2011/03/26 16:56:18 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Photo Viewer
[2011/03/26 16:56:18 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Portable Devices
[2011/08/01 18:47:24 | 000,000,000 | ---D | M] -- F:\Program Files\Windows Sidebar
[2011/02/14 04:19:12 | 000,000,000 | ---D | M] -- F:\Program Files\WinZip
[2011/02/19 05:30:04 | 000,000,000 | ---D | M] -- F:\Program Files\WPF Toolkit
[2011/03/26 16:51:04 | 000,000,000 | ---D | M] -- F:\Program Files\XML Notepad 2007
[2011/08/02 23:03:25 | 000,000,000 | ---D | M] -- F:\Program Files\Yahoo!
[2011/09/09 20:21:05 | 000,000,000 | ---D | M] -- F:\Program Files\Zune


< MD5 for: AGP440.SYS >
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\System32\drivers\AGP440.sys
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 04:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- F:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\System32\drivers\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 04:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- F:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 04:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- F:\Windows\System32\drivers\disk.sys
[2009/07/14 04:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- F:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 04:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- F:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- F:\794bc4da2d62a8fefe8c\b2662a9ed0d5e63b02478e\2a414b1b883f6e3f2f0f4c\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\System32\netlogon.dll
[2009/07/14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- F:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 08:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- F:\Windows\System32\drivers\nvstor.sys
[2011/03/11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 08:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 08:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 04:30:08 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- F:\794bc4da2d62a8fefe8c\b2662a9ed0d5e63b02478e\2a414b1b883f6e3f2f0f4c\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- F:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 04:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- F:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-28 21:23:32

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "F:\Windows\System32\ie4uinit.exe" -show [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "F:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "F:\Windows\System32\ie4uinit.exe" -hide [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "F:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/08 14:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: F:\Program Files\Internet Explorer\iexplore.exe [2011/04/08 14:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "F:\Users\Fane Duru\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/09/30 18:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "F:\Windows\System32\ie4uinit.exe" -show [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "F:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "F:\Windows\System32\ie4uinit.exe" -hide [2011/04/08 14:11:59 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "F:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/08 14:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: F:\Program Files\Internet Explorer\iexplore.exe [2011/04/08 14:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> F:\Users\Fane Duru\Desktop\My DAP Downloads.lnk:BDU
@Alternate Data Stream - 120 bytes -> F:\ProgramData\TEMP:D5AD7675
@Alternate Data Stream - 112 bytes -> F:\ProgramData\TEMP:2B11E0DF

< End of report >

vangui

Newbie Surfer

Posts : 18
Joined : 2010-09-19
Operating System : Windows 7


Re: Virus sending mails

Post by vangui on Tue 11 Oct 2011, 10:33 pm

and aswMBR.txt log:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-11 13:40:43
-----------------------------
13:40:43.906 OS Version: Windows 6.1.7600
13:40:43.906 Number of processors: 2 586 0x1706
13:40:43.909 ComputerName: FANEDURU-PC UserName: Fane Duru
13:40:51.936 Initialize success
13:40:59.074 AVAST engine defs: 11101100
13:41:03.511 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:41:03.517 Disk 0 Vendor: ST9320325AS D003DEM1 Size: 305245MB BusType: 3
13:41:05.584 Disk 0 MBR read successfully
13:41:05.588 Disk 0 MBR scan
13:41:05.690 Disk 0 Windows 7 default MBR code
13:41:05.729 Disk 0 scanning sectors +625142447
13:41:05.793 Disk 0 scanning F:\Windows\system32\drivers
13:41:25.301 Service scanning
13:41:28.349 Service sptd F:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:41:29.385 Modules scanning
13:41:46.567 Disk 0 trace - called modules:
13:41:46.610 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85d2f1f8]<<
13:41:46.618 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f24030]
13:41:46.663 3 CLASSPNP.SYS[895b259e] -> nt!IofCallDriver -> [0x85e02918]
13:41:46.674 5 ACPI.sys[833ae3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85df3030]
13:41:46.685 \Driver\atapi[0x85dd9278] -> IRP_MJ_CREATE -> 0x85d2f1f8
13:41:47.893 AVAST engine scan F:\Windows
13:41:51.865 AVAST engine scan F:\Windows\system32
13:44:58.189 AVAST engine scan F:\Windows\system32\drivers
13:45:15.877 AVAST engine scan F:\Users\Fane Duru
14:19:29.574 AVAST engine scan F:\ProgramData
14:23:41.726 Scan finished successfully
14:30:18.707 Disk 0 MBR has been saved successfully to "E:\Kituri\GeekPolice method rezolvat virusi\MBR.dat"
14:30:18.811 The log file has been saved successfully to "E:\Kituri\GeekPolice method rezolvat virusi\aswMBR.txt"


Re: Virus sending mails

Post by vangui on Tue 11 Oct 2011, 10:40 pm

and checkup.txt from Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Bitdefender Total Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Microsoft VM for Java
Java(TM) 6 Update 26
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

GeekPolice method rezolvat virusi SecurityCheck.exe
Bitdefender Bitdefender 2012 vsserv.exe
Bitdefender Bitdefender SafeBox safeboxservice.exe
Bitdefender Bitdefender 2012 bdagent.exe
Bitdefender Bitdefender 2012 updatesrv.exe
Bitdefender Bitdefender 2012 pchooklaunch32.exe
Bitdefender Bitdefender 2012 downloader.exe
``````````End of Log````````````


Re: Virus sending mails

Post by vangui on Wed 12 Oct 2011, 8:06 pm

Like strange behaviour:
I often lose the Quick Launch toolbar from the task bar and in Folder Options - View - 'Don't show hidden files, folders or drives' is ticked even if I keep this option on 'Show hidden files, folders or drives'.
The LED indicating HD activity is on all the time...
Everything works slow.


Re: Virus sending mails

Post by vangui on Fri 14 Oct 2011, 1:34 am

Today I 'received' the first blue screen... I could see only something telling about memory dump.


Re: Virus sending mails

Post by vangui on Fri 14 Oct 2011, 5:46 am

Can anyone help me, please?


Re: Virus sending mails

Post by vangui on Wed 19 Oct 2011, 6:49 am

In the meantime I lost my Windows 7 operating system... Can anybody help me to repair the boot sector?


Re: Virus sending mails

Post by vangui on Wed 19 Oct 2011, 10:07 pm

I repaired the boot sector.
I found Windows Media Player Network using a lot of resources and I stopped it. I found a Microsoft Security Bulletin that considers it a potentially critical vulnerability.
Now, all looks more stable...
But it looks like still nobody is interested in helping me...


Re: Virus sending mails

Post by Belahzur on Sun 23 Oct 2011, 10:08 am

Hello.
Sorry for the delay.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start, then copy and paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Virus sending mails

Post by vangui on Sun 23 Oct 2011, 11:51 pm

Firstly, thanks for your help!
Yesterday my Bitdefender Total Security was stopped (by the virus, I think...)
By mistake, I started ComboFix by double-clicking... After that I started it using the Run command. The difference between the two logs looks to be just the deletion part in the first one. I copy it here and, after that, the whole second log:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\data
f:\data\default\us_sres.data
f:\windows\system\VI30AUT.DLL
.

The second log created as instructed:
ComboFix 11-10-23.01 - Fane Duru 23.10.2011 14:34:55.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.40.1033.18.2046.677 [GMT 3]
Running from: f:\users\Fane Duru\Desktop\commy.exe
Command switches used :: /stepdel
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 12:31 . 2011-10-23 12:31 -------- d-----w- f:\users\Default\AppData\Local\temp
2011-10-23 10:43 . 2011-10-23 10:43 56200 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{6B145099-07C4-49F3-967D-8B80799C1FC0}\offreg.dll
2011-10-23 10:43 . 2011-10-17 23:28 6668624 ----a-w- f:\programdata\Microsoft\Windows Defender\Definition Updates\{6B145099-07C4-49F3-967D-8B80799C1FC0}\mpengine.dll
2011-10-21 21:26 . 2011-10-21 21:26 -------- d-----w- f:\users\Classic .NET AppPool
2011-10-21 21:25 . 2011-10-21 21:25 -------- d-----w- f:\windows\system32\BestPractices
2011-10-21 21:25 . 2011-10-21 21:25 -------- d-----w- F:\inetpub
2011-10-19 21:12 . 2011-10-19 21:12 -------- d-----w- f:\programdata\PreEmptive Solutions
2011-10-19 19:15 . 2011-10-19 19:15 -------- d-----w- f:\programdata\VS
2011-10-13 19:14 . 2011-09-02 19:29 910920 ----a-w- f:\windows\system32\pwNative.exe
2011-10-13 19:14 . 2011-09-02 19:29 16472 ------w- f:\windows\system32\pwdrvio.sys
2011-10-13 19:13 . 2011-09-02 19:29 11104 ------w- f:\windows\system32\pwdspio.sys
2011-10-12 12:59 . 2011-08-17 04:26 465408 ----a-w- f:\windows\system32\psisdecd.dll
2011-10-12 12:59 . 2011-08-17 04:22 75776 ----a-w- f:\windows\system32\psisrndr.ax
2011-10-12 12:59 . 2011-08-17 04:22 72704 ----a-w- f:\windows\system32\Mpeg2Data.ax
2011-10-12 12:59 . 2011-08-17 04:22 59904 ----a-w- f:\windows\system32\MSDvbNP.ax
2011-10-12 12:59 . 2011-08-17 04:22 204288 ----a-w- f:\windows\system32\MSNP.ax
2011-10-12 12:58 . 2011-08-27 04:43 571904 ----a-w- f:\windows\system32\oleaut32.dll
2011-10-12 12:58 . 2011-08-27 04:43 233472 ----a-w- f:\windows\system32\oleacc.dll
2011-10-12 12:58 . 2011-09-06 02:38 2332672 ----a-w- f:\windows\system32\win32k.sys
2011-10-09 19:34 . 2007-11-06 06:06 39472 ----a-w- f:\windows\system32\drivers\hotcore3.sys
2011-10-09 19:34 . 2008-01-21 14:43 247560 ----a-w- f:\windows\system32\prgiso.dll
2011-10-09 19:34 . 2008-01-21 14:43 4244744 ----a-w- f:\windows\system32\qtp-mt334.dll
2011-10-09 19:34 . 2008-01-21 14:43 13576 ----a-w- f:\windows\system32\wnaspi32.dll
2011-10-09 19:31 . 2001-09-05 00:18 225280 ----a-w- f:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-10-09 19:31 . 2001-09-05 00:18 77824 ----a-w- f:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-10-09 19:31 . 2001-09-05 00:14 176128 ----a-w- f:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-10-09 19:31 . 2001-09-05 00:13 32768 ----a-w- f:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-10-09 19:31 . 2003-04-22 11:22 614532 ----a-w- f:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-10-09 19:23 . 2011-10-09 19:23 -------- d-----w- f:\program files\NuGet 1.2
2011-10-09 18:27 . 2011-10-09 18:28 -------- d-----w- f:\program files\Microsoft WebMatrix
2011-10-09 18:09 . 2011-10-09 18:10 -------- d-----w- f:\program files\IIS Express
2011-10-09 15:34 . 2011-10-09 15:34 -------- d-----w- f:\program files\SearchPredict
2011-09-23 21:26 . 2011-09-23 21:26 -------- d-----w- f:\users\Fane Duru\AppData\Local\Help
2011-09-23 21:24 . 2009-08-04 17:56 296960 ----a-w- f:\windows\winhlp32.exe
2011-09-23 21:24 . 2009-08-04 17:55 195072 ----a-w- f:\windows\system32\ftsrch.dll
2011-09-23 21:24 . 2009-08-04 17:55 9216 ----a-w- f:\windows\system32\ftlx0411.dll
2011-09-23 21:24 . 2009-08-04 17:55 10240 ----a-w- f:\windows\system32\ftlx041e.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 10:24 . 2011-09-09 12:03 63056 ----a-w- f:\windows\system32\drivers\bdsandbox.sys
2011-10-21 22:51 . 2011-02-19 08:39 2491200 ----a-w- f:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-10-21 22:34 . 2011-02-19 00:46 204224 ----a-w- f:\programdata\Microsoft\VPDExpress\10.0\1033\ResourceCache.dll
2011-10-19 18:41 . 2011-06-10 07:41 414368 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-21 19:00 . 2011-09-21 19:00 596600 ----a-w- f:\windows\system32\drivers\avc3.sys
2011-09-21 18:59 . 2011-09-21 18:59 454960 ----a-w- f:\windows\system32\drivers\avckf.sys
2011-09-15 14:04 . 2011-09-15 14:04 8024 ----a-w- f:\programdata\Microsoft\Phone Tools\CoreCon\10.0\SDKFilesVer.dll
2011-09-15 14:04 . 2011-09-15 14:04 8024 ----a-w- f:\programdata\Microsoft\Phone Tools\CoreCon\10.0\addons\NonSDKAddonVer.dll
2011-09-15 14:04 . 2011-09-15 14:04 8024 ----a-w- f:\programdata\Microsoft\Phone Tools\CoreCon\10.0\1033\NonSDKAddonLangVer.dll
2011-09-15 14:04 . 2011-09-15 14:04 8016 ----a-w- f:\programdata\Microsoft\Phone Tools\CoreCon\10.0\addons\WPSDKVer.dll
2011-08-07 20:01 . 2011-08-07 20:01 235388 ----a-w- f:\programdata\1312746489.bdinstall.bin
2011-08-07 19:42 . 2011-08-07 19:42 15532 ----a-w- f:\programdata\1312746135.bdinstall.bin
2011-08-07 19:36 . 2011-08-07 19:36 15532 ----a-w- f:\programdata\1312745806.bdinstall.bin
2011-08-07 19:31 . 2011-08-07 19:31 159692 ----a-w- f:\programdata\1312745267.bdinstall.bin
2011-08-05 09:40 . 2011-08-05 09:40 3584 ----a-w- f:\windows\system32\drivers\UMDF\zh-TW\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 3584 ----a-w- f:\windows\system32\drivers\UMDF\zh-CN\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 6144 ----a-w- f:\windows\system32\drivers\UMDF\sv-SE\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 6144 ----a-w- f:\windows\system32\drivers\UMDF\ru-RU\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 6144 ----a-w- f:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 6144 ----a-w- f:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 6144 ----a-w- f:\windows\system32\drivers\UMDF\pl-PL\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 6656 ----a-w- f:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 5632 ----a-w- f:\windows\system32\drivers\UMDF\nb-NO\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 6144 ----a-w- f:\windows\system32\drivers\UMDF\ms-MY\ZuneDriver.dll.mui
2011-08-05 09:40 . 2011-08-05 09:40 4096 ----a-w- f:\windows\system32\drivers\UMDF\ko-KR\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 4608 ----a-w- f:\windows\system32\drivers\UMDF\ja-JP\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 6656 ----a-w- f:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 6144 ----a-w- f:\windows\system32\drivers\UMDF\id-ID\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 6656 ----a-w- f:\windows\system32\drivers\UMDF\hu-HU\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 6144 ----a-w- f:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 6144 ----a-w- f:\windows\system32\drivers\UMDF\fi-FI\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 6656 ----a-w- f:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 6656 ----a-w- f:\windows\system32\drivers\UMDF\el-GR\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 6144 ----a-w- f:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 6144 ----a-w- f:\windows\system32\drivers\UMDF\da-DK\ZuneDriver.dll.mui
2011-08-05 09:39 . 2011-08-05 09:39 5632 ----a-w- f:\windows\system32\drivers\UMDF\cs-CZ\ZuneDriver.dll.mui
2011-08-05 09:26 . 2011-08-05 09:26 6144 ----a-w- f:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "f:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ------w- f:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
2011-09-27 11:03 502424 ----a-w- f:\program files\SearchPredict\SearchPredict.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "f:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2011-10-23 10:24 232920 ----a-w- f:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2011-10-23 10:24 232920 ----a-w- f:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2011-10-23 10:24 232920 ----a-w- f:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2011-10-23 10:24 232920 ----a-w- f:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="f:\program files\DAP\DAP.EXE" [2011-02-16 2835968]
"Sidebar"="f:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"NokiaPCInternetAccess"="f:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-05-26 651264]
"NokiaOviSuite2"="f:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-06-29 966712]
"Messenger (Yahoo!)"="f:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"NVHotkey"="f:\windows\system32\nvHotkey.dll" [2009-08-19 92704]
"SynTPEnh"="f:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"UIExec"="e:\programe windows 7\Join Air\UIExec.exe" [2009-10-10 132096]
"Windows Mobile Device Center"="f:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BDAgent"="f:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2011-10-23 1146536]
"OEM13Mon.exe"="f:\windows\OEM13Mon.exe" [2008-01-08 36864]
"DELL Webcam Manager"="f:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Zune Launcher"="f:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
.
f:\users\Fane Duru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KBHook.exe - Shortcut.lnk - e:\vb\VB.NET\Key Logger cu Tutorial\KBHook\bin\Debug\KBHook.exe [2011-6-16 181248]
MagicDisc.lnk - e:\programe windows 7\MagicDisc\MagicDisc.exe [2011-6-26 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - f:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
.
f:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - f:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "e:\programe windows 7\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Serviciul Google Update (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 135664]
R2 UI Assistant Service;UI Assistant Service;e:\programe windows 7\Join Air\AssistantServices.exe [2009-10-10 246272]
R3 avckf;avckf;f:\windows\system32\DRIVERS\avckf.sys [2011-09-21 454960]
R3 BBSvc;Bing Bar Update Service;f:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 bdsandbox;bdsandbox;f:\windows\system32\drivers\bdsandbox.sys [2011-10-23 63056]
R3 gupdatem;Serviciul Google Update (gupdatem);f:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;f:\windows\system32\drivers\massfilter.sys [2009-09-27 9216]
R3 pwdrvio;pwdrvio;f:\windows\system32\pwdrvio.sys [2011-09-02 16472]
R3 pwdspio;pwdspio;f:\windows\system32\pwdspio.sys [2011-09-02 11104]
R3 Revoflt;Revoflt;f:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 Update Server;BitDefender Update Server v2;f:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-23 307544]
R3 VSPerfDrv100;Performance Tools Driver 10.0;f:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2011-01-18 54144]
R3 WatAdminSvc;Windows Activation Technologies Service;f:\windows\system32\Wat\WatAdminSvc.exe [2011-02-14 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;f:\windows\system32\DRIVERS\wdcsam.sys [2008-05-07 11520]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;f:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;f:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;f:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);f:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;f:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 avc3;avc3;f:\windows\system32\DRIVERS\avc3.sys [2011-09-21 596600]
S0 hotcore3;hotcore3;f:\windows\system32\drivers\hotcore3.sys [2007-11-06 39472]
S0 O2MDRDR;O2MDRDR;f:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S0 sptd;sptd;f:\windows\System32\Drivers\sptd.sys [2011-06-25 722416]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;f:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-03-01 74320]
S1 bdfwfpf;bdfwfpf;f:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-09-09 90704]
S1 BDVEDISK;BDVEDISK;f:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128]
S1 vwififlt;Virtual WiFi Filter Driver;f:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 MsDepSvc;Web Deployment Agent Service;f:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S2 SafeBox;SafeBox;f:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2011-10-23 66608]
S2 UPDATESRV;BitDefender Desktop Update Service;f:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2011-10-23 50128]
S2 WebFarmService;Web Farm Controller Service;f:\program files\IIS\Microsoft Web Farm Framework\WebFarmService.exe [2011-10-12 15600]
S3 avchv;avchv Function Driver;f:\windows\system32\DRIVERS\avchv.sys [2011-07-15 240184]
S3 BthAvrcp;Bluetooth AVRCP Profile;f:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;f:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;f:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-29 235840]
S3 RTL8167;Realtek 8167 NT Driver;f:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 01:17]
.
2011-10-23 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 01:17]
.
2011-10-21 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1098476408-3626734880-3832598549-1000Core.job
- f:\users\Fane Duru\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-27 11:23]
.
2011-10-23 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1098476408-3626734880-3832598549-1000UA.job
- f:\users\Fane Duru\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-27 11:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = about:blank
IE: &Clean Traces - f:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - f:\program files\DAP\dapextie.htm
IE: Append Link Target to Existing PDF - f:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download &all with DAP - f:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - f:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - f:\program files\Ant.com\IE add-on\Download.dll
TCP: DhcpNameServer = 82.76.253.115 192.168.0.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - f:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - f:\progra~1\DAP\dapie.dll
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"f:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-23 15:37:01
ComboFix-quarantined-files.txt 2011-10-23 12:37
ComboFix2.txt 2011-10-23 11:23
.
Pre-Run: 27.506.520.064 bytes free
Post-Run: 27.438.186.496 bytes free
.
- - End Of File - - 798EF1B5EBB7ECE4976C71B8B39DB16A


Re: Virus sending mails

Post by Belahzur on Tue 25 Oct 2011, 8:22 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Virus sending mails

Post by vangui on Wed 26 Oct 2011, 6:46 pm

Here is the log:

esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=72e8b550ce8dcf4c9d335164da85f63b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-25 11:04:44
# local_time=2011-10-26 02:04:44 (+0200, GTB Daylight Time)
# country="Romania"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 71207169 0 0
# compatibility_mode=8192 67108863 100 0 37045 37045 0 0
# scanned=290956
# found=4
# cleaned=2
# scan_time=7907
F:\Program Files\Bitdefender\Bitdefender 2012\as2core\AntiSpam_32232_2767\as2sign.slf HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
F:\Program Files\Bitdefender\Bitdefender 2012\as2core\AntiSpam_32235_2768\as2sign.slf HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\IVangu\My Documents\My DAP Downloads\SoftonicDownloader_for_directx.exe.dap a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: Virus sending mails

Post by vangui on Wed 26 Oct 2011, 9:23 pm

As a clarification, it looks like the virus took my account name, password and address book entries and sent mails not using my Outlook. It did that at moments when I did not have the computer on. I am from Romania and I found in the authentication log of the mail account connections from Italy and Japan. After changing the password it did not send mails any more...


Re: Virus sending mails

Post by Belahzur on Mon 31 Oct 2011, 12:22 pm

Hello.
Yep, that's all this was, you got caught with a phishing attack. A change of password stops it.

This should be fine now.



Re: Virus sending mails

Post by vangui on Mon 31 Oct 2011, 8:41 pm

Thanks for your help!
I just hope that's all this was... But I am still worried because of Internet Explorer, which uses a lot of RAM, and sometimes, usually when IE is started, everything goes very slow and even freezes. Three minutes ago, when I tried to reply, the whole computer was blocked except the mouse arrow... When I pressed Alt + [Tab] the window showing open windows appeared but I could move between them. I had to stop it by pressing the start button for more than 10 sec.
Can we dig a little deeper, please?


Re: Virus sending mails

Post by Belahzur on Thu 03 Nov 2011, 12:51 pm

Yep.

To disable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Disable button to disable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.


Please re-run aswMBR and post a new log.



Re: Virus sending mails

Post by vangui on Thu 03 Nov 2011, 8:00 pm

May I know why we should disable CD emulation drives? I used to have a virtual CD (using MagicISO) which is gone now...

This is the aswMBR log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-03 10:43:06
-----------------------------
10:43:06.922 OS Version: Windows 6.1.7600
10:43:06.922 Number of processors: 2 586 0x1706
10:43:06.924 ComputerName: FANEDURU-PC UserName: Fane Duru
10:43:14.994 Initialize success
10:50:20.509 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:50:20.535 Disk 0 Vendor: ST9320325AS D003DEM1 Size: 305245MB BusType: 3
10:50:22.588 Disk 0 MBR read successfully
10:50:22.595 Disk 0 MBR scan
10:50:22.601 Disk 0 Windows 7 default MBR code
10:50:22.622 Disk 0 scanning sectors +625137345
10:50:22.705 Disk 0 scanning F:\Windows\system32\drivers
10:50:32.034 Service scanning
10:50:34.438 Modules scanning
10:50:44.266 Disk 0 trace - called modules:
10:50:44.300 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:50:44.304 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8606b480]
10:50:44.309 3 CLASSPNP.SYS[8947559e] -> nt!IofCallDriver -> [0x85f98918]
10:50:44.314 5 ACPI.sys[838233b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85f86030]
10:50:44.669 Scan finished successfully
10:51:14.720 Disk 0 MBR has been saved successfully to "E:\Kituri\GeekPolice method rezolvat virusi\MBR.dat"
10:51:14.731 The log file has been saved successfully to "E:\Kituri\GeekPolice method rezolvat virusi\aswMBR.txt"

After aswMBR finished its work I pressed the FixMBR button, but I chose 'No' in the next screen, stopping the process. Should I press FixMBR?
Besides that, it looks like my antivirus has been stopped. Is that normal behaviour for Defogger?


Re: Virus sending mails

Post by Belahzur on Sat 05 Nov 2011, 2:31 am

Possibly, yes.

Your first aswMBR log showed there was unknown non-MS written code launching in your MBR. We like to remove that cause to tell whether it's malicious or not, as there are a few legit programs that like to do this.

Yours is legit, the code was removed and the log shows it was fine. You can re-enable anything that Defogger disabled.

To enable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.


Your logs look fine.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Virus sending mails

Post by vangui on Sat 05 Nov 2011, 3:04 am

OK. Thanks!
I re-enabled CD Emulation.

It looks like my laptop goes slow only when Internet Explorer is started. Today I disabled all IE add-ons. Is there something else you suggest to help me solve the problem?


Re: Virus sending mails

Post by Belahzur on Wed 09 Nov 2011, 11:45 am

Hmm, is it just Internet Explorer?



Re: Virus sending mails

Post by vangui on Wed 09 Nov 2011, 10:06 pm

I cannot be very sure, but when IE is started it has more sessions opened than IE windows, each window using a lot of memory. I use IE 8 and I know about its 'habit' of opening a 'spare' process in order to help recovery. I have used this IE 8 since 2010 without having such troubles until now... Maybe another process has been started and, in combination with IE, such behaviour happens...
What else do you suggest I try?


Re: Virus sending mails

Post by Belahzur on Mon 14 Nov 2011, 11:26 am

We honestly don't recommend the use of IE at all; we recommend our users to switch to Google Chrome.



Re: Virus sending mails

Post by vangui on Mon 14 Nov 2011, 9:39 pm

I use Chrome, too. But I have some scripts checking Gmail and Yahoo mail accounts using IE automation. Sometimes they stop unexpectedly and some hidden IE windows and processes remain, using a lot of memory. I have another script able to kill those hidden windows, which I use from time to time, and in this way I solve the memory problem. What is strange is the fact that I did not face such behaviour some months ago... Something wrong happened in the meantime... I was afraid of a virus...
