Logfile of random's system information tool 1.08 (written by random/random)
Run by slir at 2011-02-07 07:55:49
Microsoft Windows XP Professional Service Pack 2
System drive C: has 87 GB (57%) free of 153 GB
Total RAM: 3063 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:55:56, on 07.02.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shadow Defender\DefenderDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\My Downloads\Opera_USB_11.00.1055a_Portable\Opera.exe
C:\rsit\RSIT.exe
C:\Program Files\trend micro\slir.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gismeteo.ru/city/legacy/4478
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Shadow Defender Daemon] "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: AM: Блокировать картинку    - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_image
O8 - Extra context menu item: AM: Блокировать ссылку     - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_link
O8 - Extra context menu item: AM: Блокировать фрейм       - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_frame
O8 - Extra context menu item: AM: Не фильтровать на странице    - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_exclude
O8 - Extra context menu item: AM: Отправить отчет разработчикам        - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=8Q4GRV82&id=menu_ie_report
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
O8 - Extra context menu item: Передать на удаленную закачку DM - C:\Program Files\Download Master\remdown.htm
O9 - Extra button: Cтатистика защиты веб-трафика - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://etp.roseltorg.ru/files/capicom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E43F76C-E593-461A-9A09-A8198BF1EC17}: NameServer = 195.38.32.3,195.38.33.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{97F436AA-0663-4C45-B165-C28E76FD4006}: NameServer = 10.1.3.5
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O21 - SSODL: MyDllLoade - {69502F20-E8CD-11D5-A784-0050BF44BD3B} - E:\tlf_new\Win_Coder\BdeInst.dll
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: FsUsbExService - Unknown owner - C:\WINDOWS\system32\FsUsbExService.Exe (file missing)
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Корпорация Майкрософт - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Transbase TECDOC CD 1_2011 Service - Unknown owner - H:\TECDOC_CD\1_2011\db\tbmux32.exe (file missing)
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 8833 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ParetoLogic Registration3.job
C:\WINDOWS\tasks\ParetoLogic Update Version3.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-04 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll [2009-04-16 158208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Shadow Defender Daemon"=C:\Program Files\Shadow Defender\DefenderDaemon.exe [2008-09-24 192455]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-05 201992]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-07-15 33636352]
"Ad Muncher"=C:\Program Files\Ad Muncher\AdMunch.exe [2009-12-02 916992]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

C:\Documents and Settings\All Users.WINDOWS\Главное меню\Программы\Автозагрузка
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-04-25 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
MyDllLoade - {69502F20-E8CD-11D5-A784-0050BF44BD3B} - E:\tlf_new\Win_Coder\BdeInst.dll [2000-01-27 3853824]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\My Downloads\TVUPlayer_2.5.2.1.1944_Portable\TVUPlayer_2.5.2.1.1944_Portable\tvuplayer.exe"="E:\My Downloads\TVUPlayer_2.5.2.1.1944_Portable\TVUPlayer_2.5.2.1.1944_Portable\tvuplayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\My Downloads\malwarebytes_portable_1[1].29_multilang\malwarebytes_portable_1.29_multilang\App\Malwarebytes\mbam.exe"="E:\My Downloads\malwarebytes_portable_1[1].29_multilang\malwarebytes_portable_1.29_multilang\App\Malwarebytes\mbam.exe:*:Enabled:Malwarebytes"
"C:\Downloads\AdAwarePortable\AdAwarePortable\App\AdAware\Ad-Aware.exe"="C:\Downloads\AdAwarePortable\AdAwarePortable\App\AdAware\Ad-Aware.exe:*:Enabled:AdAware"
"E:\My Downloads\Daum_PotPlayer_1.5.26332b_Portable\Daum_PotPlayer_1.5.26332b_Portable\PotPlayer_1.5.26332b_Portable_RUS\PotPlayer.exe"="E:\My Downloads\Daum_PotPlayer_1.5.26332b_Portable\Daum_PotPlayer_1.5.26332b_Portable\PotPlayer_1.5.26332b_Portable_RUS\PotPlayer.exe:*:Enabled:PotPlayer (32-разрядная версия)"
"E:\My Downloads\Daum_PotPlayer_1.5.26384b_Portable\Daum_PotPlayer_1.5.26384b_Portable\Daum_PotPlayer_1.5.26384b_Portable_Rus\PotPlayer.exe"="E:\My Downloads\Daum_PotPlayer_1.5.26384b_Portable\Daum_PotPlayer_1.5.26384b_Portable\Daum_PotPlayer_1.5.26384b_Portable_Rus\PotPlayer.exe:*:Enabled:PotPlayer (32-разрядная версия)"

======List of files/folders created in the last 3 months======

2011-02-07 07:15:39 ----D---- C:\20110207
2011-02-06 20:20:47 ----SHD---- C:\RECYCLER
2011-02-06 14:19:22 ----A---- C:\ComboFix.txt
2011-02-06 14:00:41 ----A---- C:\Boot.bak
2011-02-06 14:00:37 ----RASHD---- C:\cmdcons
2011-02-06 13:49:15 ----A---- C:\WINDOWS\zip.exe
2011-02-06 13:49:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-02-06 13:49:15 ----A---- C:\WINDOWS\SWSC.exe
2011-02-06 13:49:15 ----A---- C:\WINDOWS\SWREG.exe
2011-02-06 13:49:15 ----A---- C:\WINDOWS\sed.exe
2011-02-06 13:49:15 ----A---- C:\WINDOWS\PEV.exe
2011-02-06 13:49:15 ----A---- C:\WINDOWS\NIRCMD.exe
2011-02-06 13:49:15 ----A---- C:\WINDOWS\MBR.exe
2011-02-06 13:49:15 ----A---- C:\WINDOWS\grep.exe
2011-02-06 13:49:09 ----D---- C:\WINDOWS\ERDNT
2011-02-06 13:48:04 ----AD---- C:\Qoobox
2011-02-06 11:09:34 ----A---- C:\WINDOWS\system32\drivers\vdexmtm1.sys
2011-02-06 10:14:57 ----D---- C:\rsit
2011-02-06 10:14:57 ----D---- C:\Program Files\trend micro
2011-02-06 10:14:29 ----D---- C:\Program Files\RSIT
2011-02-06 09:21:15 ----D---- C:\Hijack
2011-02-06 08:19:42 ----D---- C:\20110206
2011-02-05 19:33:38 ----D---- C:\WINDOWS\system32\Java
2011-02-05 14:30:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avanquest
2011-02-05 14:28:31 ----A---- C:\WINDOWS\system32\AQLogFile.txt
2011-02-05 14:28:03 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Avanquest
2011-02-05 14:27:55 ----D---- C:\Program Files\Common Files\AntiVirus
2011-02-03 08:21:28 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Mozilla.000
2011-01-24 09:03:07 ----A---- C:\WINDOWS\system32\Redemption.dll
2011-01-24 09:02:32 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Samsung
2011-01-13 21:43:22 ----D---- C:\La2
2011-01-10 08:49:22 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\SuperHideIP
2011-01-10 08:49:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SuperHideIP
2011-01-08 08:30:27 ----D---- C:\Program Files\DiskInternals
2011-01-08 08:22:41 ----D---- C:\Program Files\GetData
2011-01-07 13:44:07 ----A---- C:\WINDOWS\NFINST.INI
2011-01-07 13:43:58 ----A---- C:\WINDOWS\system32\Ot60as.dll
2011-01-07 13:43:58 ----A---- C:\WINDOWS\system32\Osc60as.dll
2011-01-07 13:43:58 ----A---- C:\WINDOWS\system32\Og70as.dll
2011-01-07 13:43:58 ----A---- C:\WINDOWS\system32\Oe60as.dll
2011-01-07 13:43:54 ----D---- C:\WINDOWS\CRYSTAL
2011-01-07 13:43:54 ----A---- C:\WINDOWS\system32\P2SODBC.DLL
2011-01-07 13:43:54 ----A---- C:\WINDOWS\system32\P2IRDAO.DLL
2011-01-07 13:43:54 ----A---- C:\WINDOWS\system32\P2BDAO.DLL
2011-01-07 13:43:54 ----A---- C:\WINDOWS\system32\P2BBND.DLL
2011-01-07 13:43:54 ----A---- C:\WINDOWS\system32\CTDAO.DLL
2011-01-07 13:43:53 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2011-01-07 13:43:53 ----A---- C:\WINDOWS\system32\IMPLODE.DLL
2011-01-07 13:43:53 ----A---- C:\WINDOWS\system32\CRPE32.DLL
2011-01-07 13:43:53 ----A---- C:\WINDOWS\system32\CO2C40EN.DLL
2011-01-07 09:23:48 ----D---- C:\Program Files\Common Files\Real
2011-01-07 09:23:47 ----D---- C:\WINDOWS\system32\Adobe
2011-01-07 08:41:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TECDOC_CD
2011-01-07 08:41:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\OfflineCatalog
2011-01-04 09:10:03 ----D---- C:\Program Files\NCH Software
2011-01-03 14:03:54 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\VitySoft
2011-01-03 13:58:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2011-01-03 13:58:53 ----D---- C:\Program Files\Common Files\Java
2011-01-03 13:58:15 ----D---- C:\Program Files\Java
2011-01-03 13:56:47 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Sun
2011-01-03 10:39:55 ----D---- C:\Program Files\RecKiller
2011-01-02 07:53:49 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\CUE Tools
2011-01-02 07:53:27 ----D---- C:\Program Files\CueTools
2011-01-01 20:19:31 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\xrecode2
2011-01-01 20:15:45 ----D---- C:\Program Files\Medieval Software
2010-12-25 10:57:52 ----D---- C:\Music
2010-12-25 05:27:38 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\NCH Swift Sound
2010-12-24 14:54:38 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\winxzip
2010-12-18 11:24:01 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\PlatinumHideIP
2010-12-18 11:24:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlatinumHideIP
2010-12-18 10:01:13 ----D---- C:\sniff
2010-12-13 21:01:52 ----A---- C:\WINDOWS\system32\drivers\PortTalk.sys
2010-11-28 16:09:16 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Leadertech
2010-11-22 18:50:34 ----D---- C:\cob2011

======List of files/folders modified in the last 3 months======

2011-02-07 07:55:51 ----AD---- C:\Temp
2011-02-07 07:37:27 ----D---- C:\WINDOWS\Temp
2011-02-07 07:29:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2011-02-07 07:19:01 ----D---- C:\WINDOWS\system32\drivers
2011-02-07 07:18:59 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-06 20:20:55 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\uTorrent
2011-02-06 14:18:49 ----SD---- C:\WINDOWS\Tasks
2011-02-06 14:14:07 ----D---- C:\WINDOWS
2011-02-06 14:14:06 ----N---- C:\WINDOWS\system.ini
2011-02-06 14:13:20 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-06 14:11:33 ----D---- C:\WINDOWS\system32\config
2011-02-06 14:11:11 ----D---- C:\WINDOWS\system32
2011-02-06 14:10:14 ----D---- C:\WINDOWS\AppPatch
2011-02-06 14:10:09 ----D---- C:\Program Files\Common Files
2011-02-06 14:00:41 ----RASH---- C:\boot.ini
2011-02-06 13:49:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-02-06 13:49:15 ----SHD---- C:\System Volume Information
2011-02-06 13:49:15 ----D---- C:\WINDOWS\system32\Restore
2011-02-06 11:08:51 ----D---- C:\WINDOWS\Minidump
2011-02-06 11:08:50 ----D---- C:\WINDOWS\Prefetch
2011-02-06 10:14:57 ----D---- C:\Program Files
2011-02-05 19:37:14 ----D---- C:\Program Files\Spyware Terminator
2011-02-05 19:37:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator
2011-02-05 19:31:22 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Spyware Terminator
2011-02-05 18:45:34 ----SHD---- C:\WINDOWS\Installer
2011-02-05 18:45:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-02-05 18:45:32 ----D---- C:\WINDOWS\WinSxS
2011-02-05 08:45:42 ----A---- C:\WINDOWS\ntbtlog.txt
2011-02-05 07:53:08 ----D---- C:\Tmp
2011-02-04 19:26:18 ----D---- C:\LineageII
2011-02-03 08:18:42 ----D---- C:\pesni
2011-01-25 17:43:42 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-24 09:11:24 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-24 09:10:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
2011-01-24 09:09:33 ----HD---- C:\WINDOWS\inf
2011-01-24 09:09:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-01-24 09:04:23 ----D---- C:\Program Files\REALTEK Semiconductor Corp
2011-01-24 08:05:51 ----D---- C:\WINDOWS\SxsCaPendDel
2011-01-24 07:58:16 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2011-01-20 19:47:35 ----D---- C:\cob2010
2011-01-13 17:34:44 ----D---- C:\Program Files\uTorrent
2011-01-12 08:15:15 ----A---- C:\WINDOWS\psa_fe.ini
2011-01-12 05:28:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-01-10 14:06:10 ----D---- C:\Documents and Settings\slir.COMPUTER000\Application Data\Thinstall
2011-01-08 08:40:29 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2011-01-07 09:23:47 ----D---- C:\Program Files\Common Files\Adobe
2011-01-04 16:10:54 ----A---- C:\WINDOWS\system32\DIFxAPI.dll
2011-01-04 16:10:54 ----A---- C:\WINDOWS\system32\dgderapi.dll
2011-01-03 20:58:43 ----A---- C:\WINDOWS\cdplayer.ini
2011-01-03 20:58:14 ----A---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ss.ini
2011-01-01 10:31:29 ----D---- C:\Program Files\Movie Maker
2010-12-18 14:19:38 ----D---- C:\Downloads
2010-12-18 14:12:44 ----D---- C:\Avz
2010-12-18 12:01:29 ----D---- C:\Program Files\Reg Organizer
2010-12-18 10:24:53 ----D---- C:\WINDOWS\repair
2010-12-11 11:33:28 ----D---- C:\Program Files\Ad Muncher

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 diskpt;diskpt; C:\WINDOWS\system32\drivers\diskpt.sys [2008-09-24 182260]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2009-07-18 93096]
R0 kl1;Kl1; C:\WINDOWS\system32\drivers\kl1.sys [2008-11-02 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver; C:\WINDOWS\system32\drivers\klbg.sys [2009-02-05 33808]
R0 mv61xx;mv61xx; C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2008-06-24 150568]
R0 ohci1394;VIA OHCI-совместимый IEEE 1394 хост-контроллер; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-02-11 717296]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 40448]
R1 klif;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-05 213520]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 irda;ИК-протокол IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R3 Arp1394;Протокол клиента 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 EL90XBC;3Com EtherLink XL 90XB/C, драйвер адаптера; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2004-08-17 63744]
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-19 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Сетевой драйвер 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-11-04 47360]
R3 Rasirda;Минипорт WAN (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-05 142336]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-07-10 1381632]
S1 kbdhid;Драйвер клавиатуры HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 ahns78hs;ahns78hs; C:\WINDOWS\system32\drivers\ahns78hs.sys []
S3 av4h7n41;av4h7n41; C:\WINDOWS\system32\drivers\av4h7n41.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2011-01-04 18120]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 npkcrypt;npkcrypt; \??\C:\La2\system\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
S3 SIVDRIVER;SIV Kernel Driver; \??\C:\WINDOWS\system32\Drivers\SIVX32.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2010-06-06 5632]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\Drivers\TVicHW32.sys []
S3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Драйвер USB-сканера; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 wanusb;D-Link DSL-200 USB ADSL WAN Modem; C:\WINDOWS\system32\DRIVERS\gwausb.sys [2005-09-22 158592]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys [2009-09-01 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys [2009-09-01 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys [2009-09-01 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys [2009-09-01 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys [2009-09-01 25704]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys []
S4 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S4 HWiNFO32;HWiNFO32 Kernel Driver; \??\F:\hw\HWiNFO32.SYS []
S4 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S4 npkycryp;npkycryp; \??\C:\La2\system\npkycryp.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-03 153376]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-27 488960]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 avp;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-05 201992]
S2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe []
S2 Irmon;Монитор инфракрасной связи; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 NMSAccessU;NMSAccessU; C:\Program Files\BurnAware Professional\nmsaccessu.exe [2008-05-03 71096]
S2 Transbase TECDOC CD 1_2011 Service;Transbase TECDOC CD 1_2011 Service; H:\TECDOC_CD\1_2011\db\tbmux32.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-12 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-08-31 3407412]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 XoftSpyService;XoftSpyService; C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe [2009-08-29 582424]
S4 2GIS UpdateClientService;2GIS UpdateClientService; C:\Program Files\2gis\UpdateClientWin32\UpdateClientService.exe [2008-09-17 1134592]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

-----------------EOF-----------------