Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Zoran (administrator) on FOTOREKORD on 18-10-2013 10:34:10
Running from C:\Documents and Settings\Zoran\Desktop\RVir
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IVT Corporation.) C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe Photoshop CS3\Photoshop.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5048488 2009-09-12] (Acronis)
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [OpwareSE2] - C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [67584 2004-06-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
ShortcutTarget: BlueSoleil.lnk -> C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=B3AD5E59-0DB0-48B7-96C0-FC1A56906B25&apn_sauid=BD57861A-BEC6-4FCC-8F0A-8A97061C9E26
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=B3AD5E59-0DB0-48B7-96C0-FC1A56906B25&apn_sauid=BD57861A-BEC6-4FCC-8F0A-8A97061C9E26
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660520 2009-09-12] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2011-06-01] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [25256 2012-10-31] (AVAST Software)
R3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [400384 2004-02-24] (Sensaura)
R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [626204 2004-06-21] (Realtek Semiconductor Corp.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [97608 2012-10-31] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-10-31] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 atinrvxx; C:\Windows\System32\DRIVERS\atinrvxx.sys [104960 2008-04-14] (ATI Technologies Inc.)
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [34704 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27792 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [18320 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36496 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [20880 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [35600 2007-03-05] (IVT Corporation.)
S3 BTNetFilter; C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
R3 MVDCODEC; C:\Windows\System32\DRIVERS\atinmdxx.sys [13824 2008-04-14] (ATI Technologies Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2012-05-02] (Padus, Inc.)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2011-06-01] (Acronis)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [34448 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [44304 2007-03-05] (IVT Corporation.)
S4 IntelIde; No ImagePath
S1 SASDIFSV; \??\I:\ \PROGRAMI\_PORTABLE\SUPERAntiSpywarePortable\App\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL; \??\I:\ \PROGRAMI\_PORTABLE\SUPERAntiSpywarePortable\App\SUPERAntiSpyware\SASKUTIL.SYS [x]
U1 WS2IFSL;

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-18 10:34 - 2013-10-18
10:34 - 00000000 ____D C:\FRST
2013-10-18 10:33 - 2013-10-18 10:33 - 00000000 ____D C:\Documents and Settings\Zoran\Desktop\RVir
2013-10-17 18:42 - 2013-10-16 22:03 - 132796408 _____ C:\Documents and Settings\Zoran\Desktop\kff48m57.exe
2013-10-17 12:01 - 2013-10-17 09:21 - 86842640 _____ (Microsoft Corporation) C:\Documents and Settings\Zoran\Desktop\msert.exe
2013-10-17 11:49 - 2013-10-17 14:11 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2013-10-16 13:05 - 2013-10-16 13:05 - 00000000 ____D C:\Documents and Settings\Zoran\Application Data\SUPERAntiSpyware.com
2013-10-16 13:05 - 2013-10-16 13:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-10-04 17:46 - 2013-10-04 17:46 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-04 17:46 - 2013-10-04 17:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 17:46 - 2013-10-04 17:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-04 17:46 - 2012-12-14 16:49 - 00021104 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-04 17:30 - 2013-10-04 17:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

==================== One Month Modified Files and Folders =======

2013-10-18 10:34 - 2013-10-18 10:34 - 00000000 ____D C:\FRST
2013-10-18 10:33 - 2013-10-18 10:33 - 00000000 ____D C:\Documents and Settings\Zoran\Desktop\RVir
2013-10-18 10:17 - 2011-06-01 15:51 - 00000254 _____ C:\WINDOWS\wiadebug.log
2013-10-18 10:09 - 2012-05-03 10:16 - 00000000 ____D C:\Documents and Settings\Zoran\Application Data\Canon
2013-10-18 09:45 - 2012-06-15 18:40 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-18 08:39 - 2011-06-01 14:01 - 00407988 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-18 08:35 - 2013-01-18 17:15 - 00000314 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-18 08:34 - 2011-06-01 15:51 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-18 08:33 - 2012-06-15 18:40 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-18 08:33 - 2011-06-01 14:38 - 00000530 _____ C:\WINDOWS\Tasks\PandaUSBVaccine.job
2013-10-18 08:33 - 2011-06-01 14:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-17 20:52 - 2011-06-01 14:10 - 00000178 ___SH C:\Documents and Settings\Zoran\ntuser.ini
2013-10-17 20:52 - 2011-06-01 14:07 - 00032620 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-17 19:05 - 2011-06-01 14:10 - 00000000 ____D C:\Documents and Settings\Zoran
2013-10-17 18:45 - 2011-06-01 18:16 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-17 17:54 - 2013-06-17 11:45 - 00000000 ____D C:\Documents and Settings\Zoran\Doctor Web
2013-10-17 17:37 - 2013-06-12 12:03 - 00000000 ____D C:\MSI
2013-10-17 14:11 - 2013-10-17 11:49 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2013-10-17 09:21 - 2013-10-17 12:01 - 86842640 _____ (Microsoft Corporation) C:\Documents and Settings\Zoran\Desktop\msert.exe
2013-10-16 22:03 - 2013-10-17 18:42 - 132796408 _____ C:\Documents and Settings\Zoran\Desktop\kff48m57.exe
2013-10-16 13:05 - 2013-10-16 13:05 - 00000000 ____D C:\Documents and Settings\Zoran\Application Data\SUPERAntiSpyware.com
2013-10-16 13:05 - 2013-10-16 13:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-10-16 12:50 - 2012-05-02 11:25 - 00000860 _____ C:\WINDOWS\wincmd.ini
2013-10-16 12:34 - 2011-06-01 14:00 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-16 12:25 - 2011-06-01 15:41 - 00000000 ____D C:\WINDOWS\repair
2013-10-15 18:54 - 2011-06-01 19:20 - 00000000 ____D C:\Program Files\Adobe Photoshop CS3
2013-10-15 08:26 - 2001-08-23 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-14 13:58 - 2011-06-01 17:28 - 00032768 _____ C:\Documents and Settings\Zoran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-14 10:48 - 2012-05-14 15:41 - 00002569 _____ C:\Documents and Settings\All Users\Desktop\ACDSee Photo Manager 2009.lnk
2013-10-08 11:59 - 2012-05-28 11:22 - 00000000 _RSHD C:\Win
2013-10-04 19:25 - 2011-06-01 15:41 - 00000000 ____D C:\WINDOWS\Provisioning
2013-10-04 17:46 - 2013-10-04 17:46 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-04 17:46 - 2013-10-04 17:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-04 17:46 - 2013-10-04 17:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-04 17:44 - 2012-05-11 08:32 - 00000000 ____D C:\Programi
2013-10-04 17:30 - 2013-10-04 17:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
2013-10-04 17:30 - 2012-06-15 18:52 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-10-04 17:30 - 2011-06-01 15:48 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-04 17:30 - 2011-06-01 14:03 - 00002625 _____ C:\WINDOWS\system32\CONFIG.NT
2013-10-04 12:35 - 2013-06-16 12:09 - 00002561 _____ C:\Documents and Settings\Zoran\Desktop\Sophos Virus Removal Tool.lnk
2013-10-02 18:43 - 2012-05-04 17:59 - 00000049 _____ C:\WINDOWS\NeroDigital.ini

Some content of TEMP:
====================
C:\Documents and Settings\Zoran\Local Settings\Temp\GoogleUpdateSetup_latest.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe [2008-04-14 05:42] - [2008-04-14 05:42] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================