Please do a preventive check

Posted: 24 May 2012 17:43
by bimbo
Logfile of random's system information tool 1.09 (written by random/random)
Run by ntb at 2012-05-24 18:38:55
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 233 GB (81%) free of 289 GB
Total RAM: 1787 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:39:30, on 24. 5. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ntb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb139?a=6OyCOBN9Bd&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000& ... 4BE194B137}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files (x86)\RealoreStudios\tbReal.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O3 - Toolbar: RealoreStudios Toolbar - {03fee850-0101-4e9e-b6d4-6fc74d3db360} - C:\Program Files (x86)\RealoreStudios\tbReal.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\RunOnce: [TheBflixUpdater] "C:\ProgramData\TheBflixUpdater\updater.exe" /schedule /profilepath "C:\ProgramData\TheBflixUpdater\profile.ini"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Get all flash - C:\PROGRA~2\CFLASH~1\source.html
O9 - Extra button: Cool Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\PROGRA~2\CFLASH~1\source.html
O9 - Extra 'Tools' menuitem: &Search SWF Files - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\PROGRA~2\CFLASH~1\source.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A26E1D3-D8E7-45A0-9B04-624DAF98CD45}: NameServer = 213.151.200.30 213.151.208.161
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17500 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG\AVG10\avgchsva.exe /boot
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 4868688
\??\C:\Windows\system32\conhost.exe "931177027-1754416434-1305941573-2085204366-894003874561470603-1423068360-1814460363
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\AVG\AVG10\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"
C:\ProgramData\DatacardService\DCService.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe"
"C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe"
"C:\Program Files\Web Assistant\ExtensionUpdaterService.exe"
"C:\Program Files (x86)\AVG\AVG10\avgam.exe"
"C:\Program Files (x86)\AVG\AVG10\avgnsa.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe" /TUStart /pid:2264
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"
WLIDSvcM.exe 2480
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-972b07ab-b25d-4174-9923-68341e18397a -SystemEventPortName:HostProcess-5d5f78f0-093c-42aa-8483-65f465ffbc11 -IoCancelEventPortName:HostProcess-2b6b409c-0f16-4253-b401-8bed28c2a22a -NonStateChangingEventPortName:HostProcess-b51c5d6e-5fce-45c1-9909-78fccb53ad26 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:1cf9f54d-d2c2-476e-b033-dbfa06598e1c
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
"C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files (x86)\AVG\AVG10\avgtray.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe /pipeName=d0b7733f-bf2a-4256-80dd-6111b50ca435 /coreSdkOptions=18 /logConfFile="C:\ProgramData\AVG10\temp\d9545d34-5c5c-4108-8845-9368c4362651-984-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG10\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg10" /tempPath="C:\ProgramData\AVG10\temp\"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe"
"C:\Program Files\Realtek\RtVOsd\RtVOsd.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/14/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4740.2.1563314932\510761" /prefetch:3
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/14/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4740.3.1048080001\973135628" /prefetch:3
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4740.4.1441170235\817393794" --reduce-gpu-sandbox --disable-image-transport-surface /prefetch:12
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0\npbrowserext.dll" --lang=sk --channel="4740.5.340888389\84769860" /prefetch:4
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll" --lang=sk --channel="4740.6.575329341\1094593636" /prefetch:4
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/14/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="4740.8.266850971\1395756110" /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\ntb\AppData\Local\Google\Chrome\APPLIC~1\190108~1.46\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ntb\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll" --lang=sk --channel="4740.9.978100490\1590715392" --flash-broker=3428 /prefetch:4
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe /pipeName=9ea27d1e-86e1-4928-b82e-9d13bccdbe2c /coreSdkOptions=30 /logConfFile="C:\ProgramData\AVG10\temp\dc904860-a1f4-4462-9d9c-386293e36248-f24-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG10\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg10" /tempPath="C:\ProgramData\AVG10\temp\"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /INSTALL
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /SCANCONT C:\Users\ntb\AppData\Local\Temp\ST_c341a.txt /ELEVATED
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/14/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="4740.13.484525143\2053258083" /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\ntb\Desktop\RSITX64.EXE"
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000UA.job
C:\Windows\tasks\HPCeeScheduleForntb.job
C:\Windows\tasks\TheBflixUpdaterLogonTask.job
C:\Windows\tasks\TheBflixUpdaterRefreshTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
Web Assistant - C:\Program Files\Web Assistant\Extension64.dll [2012-05-08 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll [2011-09-09 3561824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-10 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
RealoreStudios Toolbar - C:\Program Files (x86)\RealoreStudios\tbReal.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
C:\PROGRA~2\SITERA~1\SiteRank.dll [2012-01-30 357080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2011-06-29 1937736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
Web Assistant - C:\Program Files\Web Assistant\Extension32.dll [2012-05-08 162816]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\avgssie.dll [2011-09-09 2276704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
Incredibar.com Helper Object - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [2012-01-22 261632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-15 138624]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
AppGraffiti - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL [2012-01-31 267976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [2012-05-22 1451336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [2010-04-14 549720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~2\INBOXT~1\Inbox.dll [2012-01-11 874664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-04-24 1310000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-03-19 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100 - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll [2010-04-14 549720]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2011-06-29 1937736]
{03fee850-0101-4e9e-b6d4-6fc74d3db360} - RealoreStudios Toolbar - C:\Program Files (x86)\RealoreStudios\tbReal.dll [2009-11-09 2331672]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-08-17 1055808]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~2\INBOXT~1\Inbox.dll [2012-01-11 874664]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-19 192112]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-04-24 1310000]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14 237680]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [2012-05-22 1451336]
{F9639E4A-801B-4843-AEE3-03D9DA199E77} - Incredibar Toolbar - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll [2012-01-22 270336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-04-23 2097960]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-05-26 6245408]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2012-03-27 2786480]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-03-27 3669680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-09-08 39408]
"MobileDocuments"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisorDock]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [2010-02-10 1712184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-06-19 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-03-27 421736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
~C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-08 1157976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2010-08-02 402944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files (x86)\AVG Secure Search\vprot.exe [2012-05-22 218440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2011-06-30 74752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-17 98304]
"Bing Bar"=C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe [2010-04-14 243544]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-11-12 288088]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-06-30 602168]
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2012-02-16 114992]
"Sweetpacks Communicator"=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [2012-02-26 295728]
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2012-01-17 2339168]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"TheBflixUpdater"=C:\ProgramData\TheBflixUpdater\updater.exe [2012-05-24 229888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2010-07-10 52920]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backitup.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\coverdes.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\discspeed.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drivespeed.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gameconsole-wt.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infotool.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lightscribecontrolpanel.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lslauncher.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nero.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroburnrights.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerohome.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neromediahome.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerorescueagent.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroscoutoptions.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerostartsmart.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerovision.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nobuagent.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nobuclient.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photosnap.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photosnapviewer.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recode.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupx.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showtime.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soundtrax.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\waveedit.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-24 18:38:57 ----D---- C:\Program Files\trend micro
2012-05-24 18:38:55 ----D---- C:\rsit
2012-05-24 18:21:48 ----A---- C:\Windows\system32\drivers\stflt.sys
2012-05-24 18:21:47 ----D---- C:\Users\ntb\AppData\Roaming\Spyware Terminator
2012-05-24 18:21:47 ----D---- C:\ProgramData\Spyware Terminator
2012-05-24 18:21:42 ----D---- C:\Program Files (x86)\Spyware Terminator
2012-05-24 15:42:29 ----D---- C:\Users\ntb\AppData\Roaming\Malwarebytes
2012-05-24 15:42:14 ----D---- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-05-24 15:42:11 ----D---- C:\ProgramData\Malwarebytes
2012-05-24 11:00:43 ----D---- C:\Program Files (x86)\Incredibar.com
2012-05-24 11:00:42 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-05-24 11:00:35 ----D---- C:\Program Files\Web Assistant
2012-05-24 10:59:44 ----D---- C:\ProgramData\TheBflixUpdater
2012-05-24 10:59:12 ----D---- C:\ProgramData\InstallMate
2012-05-24 10:57:08 ----D---- C:\Users\ntb\AppData\Roaming\Azureus
2012-05-24 10:56:38 ----D---- C:\Program Files (x86)\Vuze
2012-05-24 09:25:10 ----D---- C:\Windows\pss
2012-05-22 20:22:14 ----A---- C:\Windows\system32\TURegOpt.exe
2012-05-22 20:22:11 ----A---- C:\Windows\system32\authuitu.dll
2012-05-22 20:22:10 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2012-05-22 20:20:44 ----D---- C:\Program Files (x86)\AVG Secure Search
2012-05-22 20:19:22 ----D---- C:\Users\ntb\AppData\Roaming\TuneUp Software
2012-05-22 20:17:59 ----D---- C:\Program Files (x86)\TuneUp Utilities 2012
2012-05-22 20:16:46 ----D---- C:\Program Files\Defraggler
2012-05-22 20:16:02 ----D---- C:\ProgramData\TuneUp Software
2012-05-22 20:15:51 ----SHD---- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-22 20:14:57 ----D---- C:\Users\ntb\AppData\Roaming\WinRAR
2012-05-22 19:55:48 ----D---- C:\Program Files\CCleaner
2012-05-22 14:38:43 ----D---- C:\Users\ntb\AppData\Roaming\NeroDCTemplates
2012-05-10 12:00:33 ----A---- C:\Windows\system32\DWrite.dll
2012-05-10 12:00:32 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-10 12:00:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-10 12:00:20 ----A---- C:\Windows\system32\win32k.sys
2012-05-10 12:00:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-10 12:00:16 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-10 11:59:22 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-10 11:59:10 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-05 19:15:19 ----SHD---- C:\Config.Msi
2012-05-05 19:12:30 ----D---- C:\Program Files (x86)\BabylonToolbar
2012-05-05 19:12:25 ----A---- C:\user.js
2012-05-05 19:12:10 ----D---- C:\Users\ntb\AppData\Roaming\OnLine TV Lite
2012-05-05 19:12:09 ----D---- C:\Program Files (x86)\OnLine TV Lite
2012-05-05 19:12:06 ----D---- C:\ProgramData\Babylon
2012-05-05 19:12:04 ----D---- C:\Users\ntb\AppData\Roaming\Babylon
2012-05-05 19:12:00 ----D---- C:\ProgramData\IBUpdaterService
2012-05-05 18:51:43 ----D---- C:\ProgramData\SweetIM
2012-05-05 18:51:43 ----D---- C:\Program Files (x86)\SweetIM
2012-05-05 18:50:16 ----D---- C:\Program Files (x86)\cflashplayer
2012-05-05 09:33:34 ----D---- C:\Program Files (x86)\HP
2012-05-05 09:28:41 ----D---- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

======List of files/folders modified in the last 1 month======

2012-05-24 18:39:23 ----D---- C:\Windows\Temp
2012-05-24 18:38:57 ----RD---- C:\Program Files
2012-05-24 18:29:21 ----D---- C:\Windows\system32\config
2012-05-24 18:21:54 ----D---- C:\Windows\system32\drivers
2012-05-24 18:21:49 ----D---- C:\Windows\inf
2012-05-24 18:21:47 ----HD---- C:\ProgramData
2012-05-24 18:21:42 ----D---- C:\Program Files (x86)
2012-05-24 18:18:42 ----D---- C:\Windows\SoftwareDistribution
2012-05-24 18:17:53 ----D---- C:\Windows
2012-05-24 18:15:27 ----D---- C:\Windows\Tasks
2012-05-24 18:15:22 ----D---- C:\Windows\SysWOW64
2012-05-24 17:53:34 ----D---- C:\Windows\tracing
2012-05-24 15:44:48 ----D---- C:\Windows\SYSWOW64\drivers
2012-05-24 12:58:14 ----D---- C:\Windows\system32\drivers\AVG
2012-05-24 10:59:49 ----D---- C:\Windows\system32\Tasks
2012-05-24 10:55:47 ----D---- C:\Windows\Prefetch
2012-05-24 09:24:09 ----SD---- C:\ProgramData\Microsoft
2012-05-22 20:54:35 ----SHD---- C:\System Volume Information
2012-05-22 20:53:58 ----SHD---- C:\Windows\Installer
2012-05-22 20:36:56 ----SHD---- C:\$Recycle.Bin
2012-05-22 20:22:14 ----D---- C:\Windows\System32
2012-05-22 20:20:45 ----D---- C:\Program Files (x86)\Common Files
2012-05-22 20:17:07 ----D---- C:\Windows\system32\catroot2
2012-05-22 20:14:54 ----D---- C:\Program Files\Winrar
2012-05-22 20:10:16 ----D---- C:\Users\ntb\AppData\Roaming\Winamp
2012-05-22 20:10:15 ----D---- C:\Users\ntb\AppData\Roaming\Skype
2012-05-22 20:09:55 ----D---- C:\Windows\Panther
2012-05-22 20:09:55 ----D---- C:\Windows\ModemLogs
2012-05-22 20:09:55 ----D---- C:\Windows\Logs
2012-05-22 20:09:55 ----D---- C:\Windows\debug
2012-05-22 19:40:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-22 14:32:33 ----D---- C:\Users\ntb\AppData\Roaming\Nitro PDF
2012-05-22 10:46:39 ----D---- C:\Windows\Microsoft.NET
2012-05-22 10:46:36 ----RSD---- C:\Windows\assembly
2012-05-11 10:54:50 ----D---- C:\Windows\winsxs
2012-05-10 21:52:56 ----A---- C:\Windows\system32\MRT.exe
2012-05-10 21:48:04 ----D---- C:\Windows\system32\catroot
2012-05-06 19:11:30 ----SD---- C:\Users\ntb\AppData\Roaming\Microsoft
2012-05-05 19:21:42 ----A---- C:\Windows\NeroDigital.ini
2012-05-05 18:48:04 ----D---- C:\Users\ntb\AppData\Roaming\ICQ
2012-05-05 09:39:30 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-05-05 09:38:50 ----D---- C:\Windows\Help
2012-05-05 09:31:01 ----D---- C:\Program Files (x86)\Hewlett-Packard
2012-05-05 09:26:10 ----D---- C:\SwSetup
2012-05-04 08:25:52 ----D---- C:\Windows\system32\wfp
2012-05-04 08:25:52 ----D---- C:\Windows\system32\DriverStore
2012-05-04 08:25:50 ----D---- C:\Windows\system32\CodeIntegrity
2012-05-04 08:25:46 ----D---- C:\Windows\system32\wbem
2012-05-04 08:25:46 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-24 16440]
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/09/06 15:08:52]; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 146928]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2012-05-24 51496]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-06-17 6403072]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-06-17 188928]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-07-12 3060800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2010-08-24 91648]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 86016]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-05-26 2374560]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-04-23 318000]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-03-29 11856]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-10-03 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-10-03 27176]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tswNT;toolstar*testWIN support driver; \??\C:\Users\ADMINI~1\AppData\Local\Temp\00132654\tswnt.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-06-17 202752]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-09-29 249856]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-19 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
R2 RtVOsdService;RtVOsdService Installer; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-01-15 242048]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-03-27 1148632]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-05 2143552]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2012-05-22 246600]
R2 Web Assistant Updater;Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-08 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-07 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
S4 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 934760]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-05-19 73728]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S4 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-08 2804568]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

-----------------EOF-----------------

Re: requesting a preventive check

Posted: 25 May 2012 05:22
by Mc_Murphy
Hello.

Hold on a minute, the log is being worked on intensively.

Re: requesting a preventive check

Posted: 25 May 2012 05:43
by Mc_Murphy
Well, man, your machine is as caked up as a car after the Rallye Bohemia. Caked up and over-utilitied. We are going to be removing a lot.

Uninstall Spyware Terminator, or at least remove it from system startup and from resident protection, if that is possible. I think it is not, but I am not sure. If it is not possible, uninstall it; it clashes with your antivirus, which also runs as a resident shield. Personally I use and recommend SUPERAntiSpyware as an anti-spyware program; it can be turned off from system startup and from resident protection and run manually only when needed.

I also recommend promptly uninstalling TuneUp Utilities 2012. If you use it to change anything in the system, you are well on the way to damaging the system. That is our experience.

Next, uninstall SweetIM - it is a slowdown, bordering on malware.

And finally the biggest mess you have there: if you find them listed, uninstall these toolbars via Add or Remove Programs:
MSN Toolbar, Winamp Toolbar, RealoreStudios Toolbar, ICQToolBar, &Inbox Toolbar, Google Toolbar, SweetPacks Toolbar for Internet Explorer, Babylon Toolbar, Incredibar Toolbar and, if possible, AVG Security Toolbar as well.
They are big system "slowdowns", and in the case of, for example, Ask.com Toolbar, Conduit Engine and others one can already speak of malware. And you have a really rather nasty collection of them.

Do all of this carefully and write back how it went; once you are done we will continue, there is more ahead of us.

Re: requesting a preventive check

Posted: 25 May 2012 08:51
by bimbo
Hello and have a nice day. I have already removed everything that was listed, but I could not find the MSN Toolbar in the remove-programs list.

Re: requesting a preventive check

Posted: 25 May 2012 12:57
by Mc_Murphy
OK, excellent. It does not matter if it is not there or cannot be removed; I will blast it later with a script. ;)


PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE WRECKED
Download ComboFix and save it to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, anti-spyware and so on.
  • Close all running applications - ICQ, Skype, browsers, simply every program, so that only ComboFix is running.
  • If you have Win XP, run it under the Administrator account.
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce).
  • Right after start, a page with the licence agreement appears - continue by clicking [Yes].
  • If ComboFix offers to install the Recovery Console, agree.
  • Then follow the instructions. During the scan leave the PC completely alone - do not start any applications and do not click in the window that appears!
  • The scan should take about 10 min, but if the PC is heavily clogged, the time may of course be longer.
  • After the scan and a possible restart, ComboFix displays a log, which you can also find at C:\ComboFix.txt. Paste its contents here for me.
  • A detailed walkthrough with pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Re: requesting a preventive check

Posted: 28 May 2012 10:27
by bimbo
Hello, so ComboFix always freezes on me somehow. The first time it froze during scanning, at about stage 5; now again at deleting files, it says Deleting Files:
C:\Program Files\Web Assistant\ExTEnsion32.dll
C:\Windows\iun6002.exe
but it just keeps standing still the same way, nothing is happening.

Re: requesting a preventive check

Posted: 28 May 2012 15:15
by Mc_Murphy
:arrow: Run ComboFix again, but in Safe Mode.

Re: requesting a preventive check

Posted: 28 May 2012 15:16
by bimbo
ComboFix 12-05-25.02 - ntb . 05. 2012 14:13:00.7.1 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.1787.1029 [GMT 2:00]
Running from: c:\users\ntb\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 12:19 . 2012-05-28 12:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-28 12:06 . 2012-05-28 12:06 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-05-28 12:06 . 2012-05-28 12:06 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-05-28 12:06 . 2012-05-28 12:06 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-05-28 12:06 . 2012-05-28 12:06 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-05-28 12:06 . 2012-05-28 12:06 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-05-28 12:06 . 2012-05-28 12:06 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-05-28 12:06 . 2012-05-28 12:06 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-05-28 12:06 . 2012-05-28 12:06 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-05-28 12:06 . 2012-05-28 12:06 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-05-28 12:06 . 2012-05-28 12:06 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-05-28 12:06 . 2012-05-28 12:06 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-05-28 12:06 . 2012-05-28 12:06 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-05-28 12:05 . 2012-05-28 12:05 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-05-28 12:05 . 2012-05-28 12:05 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-05-28 12:05 . 2012-05-28 12:05 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-05-28 12:05 . 2012-05-28 12:05 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-05-28 12:05 . 2012-05-28 12:05 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-05-25 08:23 . 2012-05-25 08:28 -------- d-----w- c:\users\ntb\AppData\Roaming\AIMP
2012-05-25 08:23 . 2012-05-25 08:23 -------- d-----w- c:\program files (x86)\AIMP2
2012-05-24 17:32 . 2012-05-24 17:32 -------- d-----w- c:\programdata\Spyware Terminator
2012-05-24 16:38 . 2012-05-24 16:39 -------- d-----w- c:\program files\trend micro
2012-05-24 16:38 . 2012-05-24 16:39 -------- d-----w- C:\rsit
2012-05-24 16:21 . 2012-05-24 16:21 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-05-24 16:21 . 2012-05-24 17:30 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-05-24 13:42 . 2012-05-24 13:42 -------- d-----w- c:\users\ntb\AppData\Roaming\Malwarebytes
2012-05-24 13:42 . 2012-05-24 16:13 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-05-24 13:42 . 2012-05-24 13:42 -------- d-----w- c:\programdata\Malwarebytes
2012-05-24 09:00 . 2012-05-28 08:46 -------- d-----w- c:\program files\Web Assistant
2012-05-24 08:59 . 2012-05-24 13:59 -------- d-----w- c:\programdata\TheBflixUpdater
2012-05-24 08:59 . 2012-05-24 08:59 -------- d-----w- c:\programdata\InstallMate
2012-05-24 08:57 . 2012-05-24 08:57 -------- d-----w- c:\users\ntb\.swt
2012-05-24 08:57 . 2012-05-24 16:16 -------- d-----w- c:\users\ntb\AppData\Roaming\Azureus
2012-05-24 08:56 . 2012-05-24 08:56 -------- d-----w- c:\program files (x86)\Vuze
2012-05-22 18:19 . 2012-05-22 18:19 -------- d-----w- c:\users\ntb\AppData\Roaming\TuneUp Software
2012-05-22 18:16 . 2012-05-22 18:17 -------- d-----w- c:\program files\Defraggler
2012-05-22 18:16 . 2012-05-22 18:22 -------- d-----w- c:\programdata\TuneUp Software
2012-05-22 18:15 . 2012-05-22 18:15 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-22 17:55 . 2012-05-22 17:55 -------- d-----w- c:\program files\CCleaner
2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\users\ntb\AppData\Roaming\NeroDCTemplates
2012-05-10 10:00 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 10:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 10:00 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 10:00 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 10:00 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 10:00 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 09:59 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 09:59 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 09:58 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 09:58 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 17:12 . 2012-05-24 09:00 1945 ----a-w- C:\user.js
2012-05-05 17:12 . 2012-05-05 17:12 -------- d-----w- c:\users\ntb\AppData\Roaming\OnLine TV Lite
2012-05-05 17:12 . 2012-05-05 17:12 -------- d-----w- c:\program files (x86)\OnLine TV Lite
2012-05-05 17:12 . 2012-05-05 17:12 -------- d-----w- c:\users\ntb\AppData\Local\Babylon
2012-05-05 17:12 . 2012-05-05 17:12 -------- d-----w- c:\programdata\Babylon
2012-05-05 17:12 . 2012-05-05 17:12 -------- d-----w- c:\users\ntb\AppData\Roaming\Babylon
2012-05-05 17:12 . 2012-05-24 16:09 -------- d-----w- c:\programdata\IBUpdaterService
2012-05-05 16:52 . 2012-05-22 18:10 -------- d-----w- c:\users\ntb\Tracing
2012-05-05 16:51 . 2012-05-25 07:40 -------- d-----w- c:\programdata\SweetIM
2012-05-05 16:51 . 2012-05-25 07:40 -------- d-----w- c:\program files (x86)\SweetIM
2012-05-05 16:50 . 2012-05-06 18:40 -------- d-----w- c:\program files (x86)\cflashplayer
2012-05-05 07:33 . 2012-05-05 07:33 -------- d-----w- c:\program files (x86)\HP
2012-05-05 07:28 . 2012-05-05 07:28 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:46 . 2012-04-15 18:19 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-15 18:19 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-15 18:19 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-15 18:19 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-15 18:19 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-15 18:19 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-15 18:19 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2012-01-30 02:30 357080 ----a-w- c:\progra~2\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"TheBflixUpdater"="c:\programdata\TheBflixUpdater\updater.exe" [2012-05-24 229888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BDRegion"=c:\program files (x86)\Cyberlink\Shared files\brs.exe
"Easybits Recovery"=c:\program files (x86)\EasyBits For Kids\ezRecover.exe
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
.
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-09-29 249856]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tswNT;toolstar*testWIN support driver;c:\users\ADMINI~1\AppData\Local\Temp\00132654\tswnt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 06:29]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 06:29]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000Core.job
- c:\users\ntb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-17 18:06]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000UA.job
- c:\users\ntb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-17 18:06]
.
2012-05-11 c:\windows\Tasks\HPCeeScheduleForntb.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2012-05-28 c:\windows\Tasks\TheBflixUpdaterLogonTask.job
- c:\programdata\TheBflixUpdater\updater.exe [2012-05-24 08:59]
.
2012-05-28 c:\windows\Tasks\TheBflixUpdaterRefreshTask.job
- c:\programdata\TheBflixUpdater\updater.exe [2012-05-24 08:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-05-08 13:13 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6OyCOBN9Bd&i=26
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&barid={9CE84DD7-96D2-11E1-BF07-984BE194B137}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Get all flash - c:\progra~2\CFLASH~1\source.html
IE: {{1DD00580-1EBE-11D6-B336-95364C649934} - c:\progra~2\CFLASH~1\source.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-28 14:24:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 12:24
.
Pre-Run: 241 817 894 912 bytes free
Post-Run: 241 414 557 696 bytes free
.
- - End Of File - - A42A8399537ABD86DECD18EF4D9C05FD

Re: requesting a preventive check

Posted: 29 May 2012 08:05
by bimbo
By the way, I ran the ComboFix scan in Safe Mode because it did not work in normal mode. Thank you in advance for your willingness and your time; hopefully that is everything that needed to be done. Thanks once again.

Re: requesting a preventive check

Posted: 29 May 2012 10:50
by Mc_Murphy
Don't run off yet, we are continuing.

:arrow: If you have not done so already, move ComboFix to the Desktop.
  • Open Notepad (Start >> Run... (or Win+R) >> type notepad in the box >> [Enter]).
  • Copy this script into it:

KillAll::

Driver::
AdobeARMservice
gupdate
SkypeUpdate
gupdatem
ezSharedSvc
gusvc
vToolbarUpdater
ST2012_Svc
TuneUp.UtilitiesSvc

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000UA.job
c:\windows\Tasks\HPCeeScheduleForntb.job
c:\windows\Tasks\TheBflixUpdaterLogonTask.job
c:\windows\Tasks\TheBflixUpdaterRefreshTask.job
C:\Program Files\Web Assistant\Extension64.dll
C:\Program Files (x86)\RealoreStudios\tbReal.dll
C:\Program Files\Web Assistant\Extension32.dll

Folder::
c:\programdata\Spyware Terminator
c:\program files (x86)\Spyware Terminator
c:\users\ntb\AppData\Roaming\TuneUp Software
c:\programdata\TuneUp Software
c:\users\ntb\AppData\Local\Babylon
c:\programdata\Babylon
c:\users\ntb\AppData\Roaming\Babylon
c:\programdata\SweetIM
c:\program files (x86)\SweetIM
C:\Program Files (x86)\Google\Google Toolbar
C:\Program Files (x86)\Winamp Toolbar
C:\Program Files (x86)\BabylonToolbar
C:\Program Files (x86)\Incredibar.com
C:\Program Files (x86)\Inbox Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"TheBflixUpdater"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-
"Easybits Recovery"=-
"GrooveMonitor"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03fee850-0101-4e9e-b6d4-6fc74d3db360}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{8dcb7100-df86-4384-8842-8fa844297b3f}"=-
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"=-
"{03fee850-0101-4e9e-b6d4-6fc74d3db360}"=-
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}"=-
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
"{F9639E4A-801B-4843-AEE3-03D9DA199E77}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisorDock]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"Bing Bar"=-
"Microsoft Default Manager"=-
"SweetIM"=-
"Sweetpacks Communicator"=-

DDS::
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6OyCOBN9Bd&i=26
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&barid={9CE84DD7-96D2-11E1-BF07-984BE194B137}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

AtJob::

Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt over ComboFix and drop it (see picture).
  • After the script has been applied (and the PC possibly restarted), a log will pop up. Paste its contents here for me.
:!: It may happen that Windows does not start after the script is applied. In that case restart the PC, keep pressing the F8 key right at startup and choose Last Known Good Configuration.

Re: requesting a preventive check

Posted: 29 May 2012 12:10
by bimbo
ok so here is the log, I did everything as I was told, hopefully it's ok


ComboFix 12-05-25.02 - ntb . 05. 2012 12:47:05.8.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.1787.709 [GMT 2:00]
Running from: c:\users\ntb\Desktop\ComboFix.exe
Command switches used :: c:\users\ntb\Desktop\CFScript.txt
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\RealoreStudios\tbReal.dll"
"c:\program files\Web Assistant\Extension32.dll"
"c:\program files\Web Assistant\Extension64.dll"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000UA.job"
"c:\windows\Tasks\HPCeeScheduleForntb.job"
"c:\windows\Tasks\TheBflixUpdaterLogonTask.job"
"c:\windows\Tasks\TheBflixUpdaterRefreshTask.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Spyware Terminator
c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
c:\program files (x86)\Spyware Terminator\TorrentDll.dll
c:\program files (x86)\SweetIM
c:\program files (x86)\SweetIM\Communicator\mgcommon.dll
c:\program files (x86)\SweetIM\Communicator\mgcommunication.dll
c:\program files (x86)\SweetIM\Communicator\mgsimcommon.dll
c:\program files (x86)\SweetIM\Communicator\mgxml_wrapper.dll
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcm90.dll
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll
c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
c:\program files (x86)\Winamp Toolbar
c:\program files (x86)\Winamp Toolbar\winamptbServer.exe
c:\program files\Web Assistant\Extension64.dll
c:\programdata\Babylon
c:\programdata\Spyware Terminator
c:\programdata\SweetIM
c:\programdata\SweetIM\Communicator\conf\communicator.xml
c:\programdata\TuneUp Software
c:\programdata\TuneUp Software\TU2012\TUProgRating.10.tudb
c:\programdata\TuneUp Software\TU2012\TUReportData.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities 2012\default-zal.mo
c:\programdata\TuneUp Software\TuneUp Utilities 2012\en-GB\default.mo
c:\programdata\TuneUp Software\TuneUp Utilities\Program Statistics\ProgramStatistics.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUProgMan.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUProgManagerCache.10.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUTuningIndex.10.2.tudb
c:\programdata\TuneUp Software\TuneUp Utilities\TUUtilitiesSvc.12.tudb
c:\users\ntb\AppData\Local\Babylon
c:\users\ntb\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\ntb\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\ntb\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\ntb\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\globe.png
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\options.js
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\page0.html
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\page3.css
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\page3.html
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\progress.png
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\setup.js
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\title.png
c:\users\ntb\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\ntb\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\ntb\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb
c:\users\ntb\AppData\Local\Babylon\Setup\Setup.exe
c:\users\ntb\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\ntb\AppData\Local\Babylon\Setup\sign
c:\users\ntb\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\ntb\AppData\Roaming\Babylon
c:\users\ntb\AppData\Roaming\Babylon\log_file.txt
c:\users\ntb\AppData\Roaming\TuneUp Software
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\Backups\00000001.rcb
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\Backups\00000002.rcb
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\Backups\00000003.rcb
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\Backups\00000004.rcb
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\Backups\00000005.rcb
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\Backups\00000006.rcb
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\Backups\00000007.rcb
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\Dashboard\IntegratorStates_en-US.xml
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\Speed Optimizer\SpeedOptimizerStates.xml
c:\users\ntb\AppData\Roaming\TuneUp Software\TU2012\StartUp Manager\PreviousEntries.dat
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2849938400-382112921-2583456742-1000UA.job
c:\windows\Tasks\HPCeeScheduleForntb.job
c:\windows\Tasks\TheBflixUpdaterLogonTask.job
c:\windows\Tasks\TheBflixUpdaterRefreshTask.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeARMservice
-------\Service_ezSharedSvc
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-29 10:56 . 2012-05-29 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 08:23 . 2012-05-28 14:23 -------- d-----w- c:\users\ntb\AppData\Roaming\AIMP
2012-05-25 08:23 . 2012-05-25 08:23 -------- d-----w- c:\program files (x86)\AIMP2
2012-05-24 16:38 . 2012-05-24 16:39 -------- d-----w- c:\program files\trend micro
2012-05-24 16:38 . 2012-05-24 16:39 -------- d-----w- C:\rsit
2012-05-24 16:21 . 2012-05-24 16:21 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-05-24 13:42 . 2012-05-24 13:42 -------- d-----w- c:\users\ntb\AppData\Roaming\Malwarebytes
2012-05-24 13:42 . 2012-05-24 16:13 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-05-24 13:42 . 2012-05-24 13:42 -------- d-----w- c:\programdata\Malwarebytes
2012-05-24 09:00 . 2012-05-29 10:55 -------- d-----w- c:\program files\Web Assistant
2012-05-24 08:59 . 2012-05-24 13:59 -------- d-----w- c:\programdata\TheBflixUpdater
2012-05-24 08:59 . 2012-05-24 08:59 -------- d-----w- c:\programdata\InstallMate
2012-05-24 08:57 . 2012-05-24 08:57 -------- d-----w- c:\users\ntb\.swt
2012-05-24 08:57 . 2012-05-24 16:16 -------- d-----w- c:\users\ntb\AppData\Roaming\Azureus
2012-05-24 08:56 . 2012-05-24 08:56 -------- d-----w- c:\program files (x86)\Vuze
2012-05-22 18:16 . 2012-05-22 18:17 -------- d-----w- c:\program files\Defraggler
2012-05-22 18:15 . 2012-05-22 18:15 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-22 17:55 . 2012-05-22 17:55 -------- d-----w- c:\program files\CCleaner
2012-05-22 12:38 . 2012-05-22 12:38 -------- d-----w- c:\users\ntb\AppData\Roaming\NeroDCTemplates
2012-05-10 10:00 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 10:00 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 10:00 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 10:00 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 10:00 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 10:00 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 09:59 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 09:59 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 09:58 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 09:58 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 17:12 . 2012-05-24 09:00 1945 ----a-w- C:\user.js
2012-05-05 17:12 . 2012-05-05 17:12 -------- d-----w- c:\users\ntb\AppData\Roaming\OnLine TV Lite
2012-05-05 17:12 . 2012-05-05 17:12 -------- d-----w- c:\program files (x86)\OnLine TV Lite
2012-05-05 17:12 . 2012-05-24 16:09 -------- d-----w- c:\programdata\IBUpdaterService
2012-05-05 16:52 . 2012-05-22 18:10 -------- d-----w- c:\users\ntb\Tracing
2012-05-05 16:50 . 2012-05-06 18:40 -------- d-----w- c:\program files (x86)\cflashplayer
2012-05-05 07:33 . 2012-05-05 07:33 -------- d-----w- c:\program files (x86)\HP
2012-05-05 07:28 . 2012-05-05 07:28 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:46 . 2012-04-15 18:19 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-15 18:19 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-15 18:19 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-15 18:19 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-15 18:19 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-15 18:19 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-15 18:19 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-28_12.20.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-28 12:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-29 10:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-28 12:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 10:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 10:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-28 12:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-10 08:53 . 2012-05-28 14:26 60212 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-29 11:01 49784 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-01 12:25 . 2012-05-29 11:01 18640 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2849938400-382112921-2583456742-1000_UserData.bin
- 2011-07-13 17:40 . 2012-05-25 12:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-13 17:40 . 2012-05-29 08:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-13 17:40 . 2012-05-29 08:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-13 17:40 . 2012-05-25 12:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-25 12:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 08:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-28 14:29 94472 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-29 10:59 . 2012-05-29 10:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-28 12:20 . 2012-05-28 12:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-28 12:20 . 2012-05-28 12:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-29 10:59 . 2012-05-29 10:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-08 21:59 . 2012-05-29 09:24 241080 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-05-22 17:40 618912 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-29 09:49 618912 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-29 09:49 107232 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-22 17:40 107232 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-29 10:58 395084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-28 12:06 395084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-12 16:03 . 2012-05-25 12:06 1980624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-12 16:03 . 2012-05-28 19:27 1980624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-01 12:46 . 2012-05-28 12:06 2208636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2849938400-382112921-2583456742-1000-8192.dat
+ 2011-08-01 12:46 . 2012-05-29 10:58 2208636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2849938400-382112921-2583456742-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"BDRegion"=c:\program files (x86)\Cyberlink\Shared files\brs.exe
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tswNT;toolstar*testWIN support driver;c:\users\ADMINI~1\AppData\Local\Temp\00132654\tswnt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-09-29 249856]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"combofix"="c:\combofix\CF18316.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Get all flash - c:\progra~2\CFLASH~1\source.html
IE: {{1DD00580-1EBE-11D6-B336-95364C649934} - c:\progra~2\CFLASH~1\source.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: Interfaces\{8A26E1D3-D8E7-45A0-9B04-624DAF98CD45}: NameServer = 213.151.200.30 213.151.208.161
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\Web Assistant\Extension64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\Mobile Partner\Mobile Partner.exe
.
**************************************************************************
.
Completion time: 2012-05-29 13:06:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-29 11:06
ComboFix2.txt 2012-05-28 12:24
.
Pre-Run: 240 773 369 856 bytes free
Post-Run: 240 286 236 672 bytes free
.
- - End Of File - - E514999F2CE193EF4564424AF932620D

Re: requesting a preventive check

Posted: 29 May 2012 13:03
by Mc_Murphy
:???: How is the computer behaving now?

Re: requesting a preventive check

Posted: 29 May 2012 13:06
by bimbo
well, the notebook is behaving fine, I haven't noticed any problems so far, I think it's ok.

Re: requesting a preventive check

Posted: 29 May 2012 13:09
by Mc_Murphy
Excellent. Then please generate a current RSIT log for me and I will finish the cleanup based on it.

Re: requesting a preventive check

Posted: 29 May 2012 13:11
by bimbo
ok so here is the log :)


Logfile of random's system information tool 1.09 (written by random/random)
Run by ntb at 2012-05-29 14:10:09
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 229 GB (79%) free of 289 GB
Total RAM: 1787 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:10:22, on 29. 5. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ntb.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\RunOnce: [TheBflixUpdater] "C:\ProgramData\TheBflixUpdater\updater.exe" /schedule /profilepath "C:\ProgramData\TheBflixUpdater\profile.ini"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Get all flash - C:\PROGRA~2\CFLASH~1\source.html
O9 - Extra button: Cool Flash Player - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\PROGRA~2\CFLASH~1\source.html
O9 - Extra 'Tools' menuitem: &Search SWF Files - {1DD00580-1EBE-11D6-B336-95364C649934} - C:\PROGRA~2\CFLASH~1\source.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A26E1D3-D8E7-45A0-9B04-624DAF98CD45}: NameServer = 213.151.200.30 213.151.208.161
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10227 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG\AVG10\avgchsva.exe /boot
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 1610384
\??\C:\Windows\system32\conhost.exe "1647055316-1351619174-1813547434-1908643053-8817110111465488321713264854-487186035
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\AVG\AVG10\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe"
taskeng.exe {5F89C7D2-382F-46FD-886A-C8B8CE774EDB}
C:\ProgramData\DatacardService\DCService.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
"C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Web Assistant\ExtensionUpdaterService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\AVG\AVG10\avgam.exe"
"C:\Program Files (x86)\AVG\AVG10\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe"
WLIDSvcM.exe 2528
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3b826e92-36dc-4d8b-ae4d-8ba33d9811dd -SystemEventPortName:HostProcess-3af8def1-5057-4af8-a1e5-1413559c3ecb -IoCancelEventPortName:HostProcess-868340f1-3609-4865-b3af-93e20dedba9e -NonStateChangingEventPortName:HostProcess-3c9e24c9-64d2-4cff-a21f-2a4f4cf452f8 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6a0b26d2-f8e2-4e24-8abe-39dc95d27cfb
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe /pipeName=836fdf33-c940-4953-ae8b-445fed94e55d /coreSdkOptions=18 /logConfFile="C:\ProgramData\AVG10\temp\f5f8831f-cf4c-4c76-a345-1a2d56757e59-a40-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG10\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg10" /tempPath="C:\ProgramData\AVG10\temp\"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe /pipeName=dbeb0c50-9980-4c6b-b2e6-9318828ba628 /coreSdkOptions=30 /logConfFile="C:\ProgramData\AVG10\temp\4f758821-04c2-4519-bd77-b1563b6a0170-d2c-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG10\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg10" /tempPath="C:\ProgramData\AVG10\temp\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
atieclxx
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\AVG\AVG10\avgtray.exe"
"C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe"
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/13/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4572.1.1218678737\985193450" /prefetch:3
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/13/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4572.2.661870326\1309245061" /prefetch:3
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4572.4.1045845697\1327064952" --reduce-gpu-sandbox --disable-image-transport-surface /prefetch:12
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll" --lang=sk --channel="4572.5.1784463031\1442710161" /prefetch:4
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ntb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.440_0\npbrowserext.dll" --lang=sk --channel="4572.6.489323138\60173763" /prefetch:4
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/13/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="4572.7.819705877\527713204" /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\ntb\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\ntb\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\ntb\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll" --lang=sk --channel="4572.9.44386128\21897183" --flash-broker=2156 /prefetch:4
C:\Windows\system32\atibtmon.exe Global\Ati_VariBrightMonitorEvent
"C:\Users\ntb\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
taskhost.exe $(Arg0)
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\TheBflixUpdaterLogonTask.job
C:\Windows\tasks\TheBflixUpdaterRefreshTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-10 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-03 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-04-23 2097960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-06-30 602168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [2012-02-23 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-05-26 6245408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-06-17 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2012-01-17 2339168]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"TheBflixUpdater"=C:\ProgramData\TheBflixUpdater\updater.exe [2012-05-24 229888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-09-14 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2010-07-10 52920]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-05-29 13:08:12 ----SHD---- C:\$RECYCLE.BIN
2012-05-29 13:06:33 ----D---- C:\Windows\temp
2012-05-29 13:06:30 ----A---- C:\ComboFix.txt
2012-05-25 14:10:57 ----A---- C:\Windows\zip.exe
2012-05-25 14:10:57 ----A---- C:\Windows\SWSC.exe
2012-05-25 14:10:57 ----A---- C:\Windows\SWREG.exe
2012-05-25 14:10:57 ----A---- C:\Windows\sed.exe
2012-05-25 14:10:57 ----A---- C:\Windows\PEV.exe
2012-05-25 14:10:57 ----A---- C:\Windows\NIRCMD.exe
2012-05-25 14:10:57 ----A---- C:\Windows\MBR.exe
2012-05-25 14:10:57 ----A---- C:\Windows\grep.exe
2012-05-25 14:10:48 ----D---- C:\Windows\ERDNT
2012-05-25 14:09:02 ----D---- C:\Qoobox
2012-05-25 10:23:37 ----D---- C:\Users\ntb\AppData\Roaming\AIMP
2012-05-25 10:23:16 ----D---- C:\Program Files (x86)\AIMP2
2012-05-24 18:38:57 ----D---- C:\Program Files\trend micro
2012-05-24 18:38:55 ----D---- C:\rsit
2012-05-24 18:21:48 ----A---- C:\Windows\system32\drivers\stflt.sys
2012-05-24 15:42:29 ----D---- C:\Users\ntb\AppData\Roaming\Malwarebytes
2012-05-24 15:42:14 ----D---- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-05-24 15:42:11 ----D---- C:\ProgramData\Malwarebytes
2012-05-24 11:00:42 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-05-24 11:00:35 ----D---- C:\Program Files\Web Assistant
2012-05-24 10:59:44 ----D---- C:\ProgramData\TheBflixUpdater
2012-05-24 10:59:12 ----D---- C:\ProgramData\InstallMate
2012-05-24 10:57:08 ----D---- C:\Users\ntb\AppData\Roaming\Azureus
2012-05-24 10:56:38 ----D---- C:\Program Files (x86)\Vuze
2012-05-24 09:25:10 ----D---- C:\Windows\pss
2012-05-22 20:16:46 ----D---- C:\Program Files\Defraggler
2012-05-22 20:15:51 ----SHD---- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-05-22 20:14:57 ----D---- C:\Users\ntb\AppData\Roaming\WinRAR
2012-05-22 19:55:48 ----D---- C:\Program Files\CCleaner
2012-05-22 14:38:43 ----D---- C:\Users\ntb\AppData\Roaming\NeroDCTemplates
2012-05-10 12:00:33 ----A---- C:\Windows\system32\DWrite.dll
2012-05-10 12:00:32 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-10 12:00:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-10 12:00:20 ----A---- C:\Windows\system32\win32k.sys
2012-05-10 12:00:18 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-10 12:00:16 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-10 11:59:22 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-10 11:59:10 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-05 19:15:19 ----D---- C:\Config.Msi
2012-05-05 19:12:25 ----A---- C:\user.js
2012-05-05 19:12:10 ----D---- C:\Users\ntb\AppData\Roaming\OnLine TV Lite
2012-05-05 19:12:09 ----D---- C:\Program Files (x86)\OnLine TV Lite
2012-05-05 19:12:00 ----D---- C:\ProgramData\IBUpdaterService
2012-05-05 18:50:16 ----D---- C:\Program Files (x86)\cflashplayer
2012-05-05 09:33:34 ----D---- C:\Program Files (x86)\HP
2012-05-05 09:28:41 ----D---- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

======List of files/folders modified in the last 1 month======

2012-05-29 13:57:56 ----D---- C:\Windows\system32\drivers\AVG
2012-05-29 13:08:17 ----D---- C:\Windows\Tasks
2012-05-29 13:06:41 ----D---- C:\Windows\system32\drivers
2012-05-29 13:06:36 ----D---- C:\Windows\SYSWOW64\drivers
2012-05-29 13:06:33 ----D---- C:\Windows
2012-05-29 13:04:05 ----D---- C:\Windows\tracing
2012-05-29 13:00:19 ----A---- C:\Windows\system.ini
2012-05-29 13:00:09 ----D---- C:\Windows\system32\drivers\etc
2012-05-29 12:59:56 ----D---- C:\Windows\SysWOW64
2012-05-29 12:58:02 ----D---- C:\Windows\system32\config
2012-05-29 12:55:50 ----D---- C:\ProgramData
2012-05-29 12:55:49 ----D---- C:\Program Files (x86)
2012-05-29 12:53:48 ----D---- C:\Windows\System32
2012-05-29 12:53:45 ----D---- C:\Windows\AppPatch
2012-05-29 12:52:30 ----D---- C:\Program Files\Common Files
2012-05-29 12:52:30 ----D---- C:\Program Files (x86)\Common Files
2012-05-29 12:47:15 ----D---- C:\Windows\Prefetch
2012-05-29 11:49:20 ----D---- C:\Windows\inf
2012-05-29 11:49:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-28 16:29:13 ----SD---- C:\Users\ntb\AppData\Roaming\Microsoft
2012-05-28 14:09:45 ----D---- C:\Windows\system32\catroot2
2012-05-28 10:44:32 ----SHD---- C:\System Volume Information
2012-05-25 14:04:17 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-05-25 10:44:38 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-05-25 10:44:17 ----SHD---- C:\Windows\Installer
2012-05-25 10:44:15 ----D---- C:\Program Files (x86)\CyberLink
2012-05-25 10:44:01 ----D---- C:\Program Files (x86)\The KMPlayer
2012-05-25 10:39:48 ----D---- C:\ProgramData\CyberLink
2012-05-25 10:37:37 ----RD---- C:\Program Files
2012-05-25 10:36:00 ----SD---- C:\ProgramData\Microsoft
2012-05-25 10:32:03 ----D---- C:\Program Files\Google
2012-05-25 10:32:03 ----D---- C:\Program Files (x86)\Google
2012-05-25 10:31:21 ----D---- C:\Windows\system32\catroot
2012-05-25 10:27:49 ----D---- C:\Windows\winsxs
2012-05-25 10:20:26 ----D---- C:\Program Files (x86)\Winamp
2012-05-25 10:18:18 ----D---- C:\Windows\system32\Tasks
2012-05-25 10:17:40 ----D---- C:\Windows\system32\DriverStore
2012-05-25 10:17:35 ----D---- C:\Program Files\Common Files\Apple
2012-05-25 10:15:44 ----D---- C:\Program Files (x86)\Opera
2012-05-25 10:15:37 ----D---- C:\Users\ntb\AppData\Roaming\Opera
2012-05-25 10:14:46 ----D---- C:\ProgramData\Apple Computer
2012-05-25 10:14:05 ----DC---- C:\Windows\system32\DRVSTORE
2012-05-25 09:45:44 ----D---- C:\ProgramData\Google
2012-05-24 19:59:35 ----D---- C:\Users\ntb\AppData\Roaming\Nitro PDF
2012-05-24 18:18:42 ----D---- C:\Windows\SoftwareDistribution
2012-05-22 20:14:54 ----D---- C:\Program Files\Winrar
2012-05-22 20:10:15 ----D---- C:\Users\ntb\AppData\Roaming\Skype
2012-05-22 20:09:55 ----D---- C:\Windows\Panther
2012-05-22 20:09:55 ----D---- C:\Windows\ModemLogs
2012-05-22 20:09:55 ----D---- C:\Windows\Logs
2012-05-22 20:09:55 ----D---- C:\Windows\debug
2012-05-22 10:46:39 ----D---- C:\Windows\Microsoft.NET
2012-05-22 10:46:36 ----RSD---- C:\Windows\assembly
2012-05-10 21:52:56 ----A---- C:\Windows\system32\MRT.exe
2012-05-05 19:21:42 ----A---- C:\Windows\NeroDigital.ini
2012-05-05 18:48:04 ----D---- C:\Users\ntb\AppData\Roaming\ICQ
2012-05-05 09:38:50 ----D---- C:\Windows\Help
2012-05-05 09:31:01 ----D---- C:\Program Files (x86)\Hewlett-Packard
2012-05-05 09:26:10 ----D---- C:\SwSetup
2012-05-04 08:25:52 ----D---- C:\Windows\system32\wfp
2012-05-04 08:25:50 ----D---- C:\Windows\system32\CodeIntegrity
2012-05-04 08:25:46 ----D---- C:\Windows\system32\wbem
2012-05-04 08:25:46 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-08-24 16440]
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-06-17 6403072]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-06-17 188928]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-07-12 3060800]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2010-08-24 91648]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 86016]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-05-26 2374560]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-04-23 318000]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-10-03 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-10-03 27176]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tswNT;toolstar*testWIN support driver; \??\C:\Users\ADMINI~1\AppData\Local\Temp\00132654\tswnt.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-06-17 202752]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 DCService.exe;DCService.exe; C:\ProgramData\DatacardService\DCService.exe [2010-09-29 249856]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-05-19 73728]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-08 2804568]
R2 Web Assistant Updater;Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-19 103992]
S2 RtVOsdService;RtVOsdService Installer; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-20 315392]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-07 1255736]

-----------------EOF-----------------