Code:
ComboFix 10-09-03.02 - Nemanja666 09/04/2010 20:55:18.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1526.820 [GMT 2:00]
Running from: c:\users\Nemanja666\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\BDSShellRes.dllBDSShellRes.dll.mui
c:\windows\system32\BDSShellRes140.dllBDSShellRes140.dll.mui
c:\windows\system32\sqlite3.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.
2010-09-04 19:05 . 2010-09-04 19:05 -------- d-----w- c:\users\Nemanja666\AppData\Local\temp
2010-09-04 19:05 . 2010-09-04 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-04 18:48 . 2010-09-04 18:49 -------- d-----w- C:\32788R22FWJFW
2010-09-04 09:30 . 2010-09-04 09:30 -------- d-----w- c:\program files\CCleaner
2010-09-04 08:30 . 2010-09-04 09:10 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\SPlayer
2010-09-04 08:30 . 2010-09-04 09:10 -------- d-----w- c:\program files\SPlayer
2010-09-03 14:23 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-03 14:23 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-03 14:23 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-03 14:23 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-03 14:23 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-03 14:22 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-03 14:22 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-03 14:22 . 2010-09-03 14:22 -------- d-----w- c:\programdata\Alwil Software
2010-09-03 14:22 . 2010-09-03 14:22 -------- d-----w- c:\program files\Alwil Software
2010-09-02 02:33 . 2010-09-02 02:33 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\SeriousBit
2010-09-02 02:32 . 2010-09-02 02:33 -------- d-----w- c:\program files\NetBalancer
2010-09-02 02:32 . 2010-05-14 22:04 28776 ----a-w- c:\windows\system32\drivers\nbdrv.sys
2010-08-31 14:59 . 2010-08-31 14:59 103424 --sha-r- c:\windows\system32\C_21027F.dll
2010-08-30 10:58 . 2010-08-30 10:58 -------- d-----w- c:\users\Nemanja666\AppData\Local\TechSmith
2010-08-29 18:27 . 2010-03-04 15:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-08-29 18:27 . 2010-08-29 18:27 -------- d-----w- c:\windows\system32\QuickTime
2010-08-25 13:55 . 2010-08-25 13:55 -------- d-----w- c:\programdata\Stardock
2010-08-24 21:20 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-23 05:18 . 2010-08-23 05:18 -------- d-----w- c:\users\Nemanja666\AppData\Local\Stardock
2010-08-23 05:18 . 2010-08-23 05:18 -------- d-----w- c:\program files\Stardock
2010-08-18 16:11 . 2010-08-18 16:11 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\gtk-2.0
2010-08-17 19:10 . 2010-08-17 19:10 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\inkscape
2010-08-17 19:01 . 2010-08-17 19:05 -------- d-----w- c:\program files\Inkscape
2010-08-16 19:20 . 2010-08-30 21:08 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\Ultra Fractal 5
2010-08-16 15:48 . 2010-08-16 15:48 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-16 15:47 . 2010-08-16 15:47 -------- d-----w- c:\program files\Microsoft.NET
2010-08-16 15:47 . 2010-08-16 15:47 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-16 15:44 . 2010-08-16 15:44 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-08-16 15:43 . 2010-08-16 15:43 -------- d-----r- C:\MSOCache
2010-08-13 01:02 . 2010-06-30 06:25 978432 ----a-w- c:\windows\system32\wininet.dll
2010-08-11 21:39 . 2010-08-11 21:39 -------- d-----w- c:\users\Nemanja666\AppData\Local\Qt
2010-08-11 07:44 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 07:44 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-11 07:44 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 07:44 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 07:44 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 07:44 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 07:44 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 07:44 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-11 07:44 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 07:44 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 07:43 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 07:43 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-10 07:16 . 2010-08-10 07:16 -------- d--h--w- c:\program files\InstallJammer Registry
2010-08-10 07:16 . 2010-08-10 07:34 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\Wowd
2010-08-10 07:13 . 2010-08-10 07:16 -------- d-----w- c:\program files\Wowd
2010-08-10 05:39 . 2010-08-10 14:45 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\Luxology
2010-08-10 05:26 . 2010-08-10 05:26 -------- d-----w- c:\users\Nemanja666\AppData\Local\Downloaded Installations
2010-08-06 10:11 . 2010-08-06 10:11 -------- d-----w- c:\users\Nemanja666\AppData\Local\TickTail
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 09:40 . 2009-11-12 20:14 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\uTorrent
2010-09-04 02:20 . 2009-11-05 01:10 -------- d-----w- c:\program files\Warcraft III
2010-09-04 01:38 . 2010-07-26 00:42 -------- d-----w- c:\program files\DotAlicious Gaming Client
2010-09-04 01:37 . 2010-07-07 01:01 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-09-03 17:12 . 2009-11-05 01:05 -------- d-----w- c:\program files\Garena
2010-08-30 21:09 . 2010-03-31 21:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 17:59 . 2010-07-10 07:11 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\Audacity
2010-08-23 15:52 . 2010-07-30 14:27 -------- d-----w- c:\program files\eclipse
2010-08-17 01:01 . 2010-04-18 04:27 -------- d-----w- c:\programdata\Microsoft Help
2010-08-16 21:12 . 2009-11-04 02:41 86944 ----a-w- c:\users\Nemanja666\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 22:43 . 2010-07-06 05:07 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\Nokia
2010-08-08 11:32 . 2009-12-06 19:52 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\Skype
2010-08-07 22:00 . 2009-12-06 19:54 -------- d-----w- c:\users\Nemanja666\AppData\Roaming\skypePM
2010-08-06 17:39 . 2009-12-02 03:57 -------- d-----w- c:\program files\Crimson Editor
2010-08-06 00:11 . 2009-11-04 13:11 -------- d-----w- c:\program files\Digsby
2010-07-30 14:32 . 2010-07-30 14:32 -------- d-----w- c:\program files\Nokia
2010-07-22 20:34 . 2010-07-22 20:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
2010-07-11 13:18 . 2010-07-11 13:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-11 13:18 . 2010-07-11 13:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-11 13:18 . 2010-07-11 13:18 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-11 13:18 . 2010-07-11 13:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-11 13:18 . 2010-07-11 13:18 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-11 13:18 . 2010-07-11 13:18 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-11 13:18 . 2010-07-11 13:18 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-11 13:18 . 2010-07-11 13:18 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-11 13:18 . 2010-07-11 13:18 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-11 13:18 . 2010-07-11 13:17 -------- d-----w- c:\program files\Common Files\Real
2010-07-11 13:18 . 2010-07-11 13:17 -------- d-----w- c:\program files\Real
2010-07-11 13:18 . 2010-07-11 13:18 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-11 13:17 . 2010-07-11 13:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-11 13:17 . 2010-07-11 13:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-10 07:25 . 2010-07-10 07:25 -------- d-----w- c:\program files\Lame for Audacity
2010-07-10 07:11 . 2010-07-10 07:11 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-07-09 12:46 . 2009-11-22 20:39 -------- d-----w- c:\program files\XMoto
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99756919-C498-4D97-9E20-2076DE0E42B9}]
2010-08-10 07:16 200704 ----a-w- c:\program files\Wowd\ext\eiexxpw.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetBalancer"="c:\program files\NetBalancer\SeriousBit.NetBalancer.Tray.exe" [2010-07-23 60928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
R3 GarenaPEngine;GarenaPEngine;c:\users\NEMANJ~1\AppData\Local\Temp\IIR619F.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys [2009-01-18 3567]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-09 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-07 691696]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BlackfishSQL;BlackfishSQL;c:\program files\Embarcadero\RAD Studio\7.0\bin\BSQLServer.exe [2009-11-18 65536]
S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2010-07-23 10240]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [2010-05-14 28776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: {95116367-BED8-4407-ADE2-12F369620052} = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Nemanja666\AppData\Roaming\Mozilla\Firefox\Profiles\mlsoz174.new\
FF - component: c:\users\Nemanja666\AppData\Roaming\Mozilla\Firefox\Profiles\mlsoz174.new\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Nemanja666\AppData\Roaming\Mozilla\Firefox\Profiles\mlsoz174.new\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}\platform\WINNT_x86-msvc\components\FFThrottle.dll
FF - component: c:\users\Nemanja666\AppData\Roaming\Mozilla\Firefox\Profiles\mlsoz174.new\extensions\[email protected]\components\dwmxpcom.dll
FF - plugin: c:\progra~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Nemanja666\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Nemanja666\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\NEMANJ~1\AppData\Local\Temp\IIR619F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-04 21:08:40
ComboFix-quarantined-files.txt 2010-09-04 19:08
Pre-Run: 12,773,814,272 bytes free
Post-Run: 12,680,814,592 bytes free
- - End Of File - - 822401909BE896897E45A0D5AFA5E6D0