
Help needed! Worm infection!


24 replies to this topic

#1 yessiesskies (Members, 19 posts)

Posted 10 April 2011 - 10:17 PM

Hey!

I would appreciate help with removing the worm Win32 Bronton-CE. Avast doesn't seem to be able to remove it. I emptied the virus chest but it keeps coming back. Besides, there is what I think is another malware in Recycler which I can't access!

Please help if possible!

Yess

Edited by Budapest, 10 April 2011 - 10:46 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest



#2 Blade (Site Admin, 12,704 posts)

Posted 11 April 2011 - 11:57 AM

Hello and welcome to BleepingComputer.

Let's see what we're dealing with here.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
***************************************************

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe. This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from http://data.mbamupdates.com/tools/mbam-rules.exe and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

~Blade


In your next reply, please include the following:
Malwarebytes Log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 yessiesskies (Topic Starter, Members, 19 posts)

Posted 13 April 2011 - 08:23 AM

Hi!

I did what you instructed. Computer rebooted after MBAM removal but without asking anything. I just restarted.

Here are the logs:

rkill

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12.04.2011 at 12:07:45.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Matija\Application Data\Dropbox\bin\Dropbox.exe


Rkill completed on 12.04.2011 at 12:08:06.

MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.04.2011 19:59:55
mbam-log-2011-04-13 (19-59-55).txt

Scan type: Quick scan
Objects scanned: 163306
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\documents\My Music\My Music.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\documents and settings\all users\documents\my pictures\my pictures.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#4 Blade (Site Admin, 12,704 posts)

Posted 14 April 2011 - 05:39 AM

Hello.

Let's cross check those results with another scan.

Download TFC by OldTimer to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

NOTE:
It's normal after running TFC that the PC will be slower to boot the first time.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


***************************************************

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (uncheck all others):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". When logging in, log in under the account that you normally use; do NOT log in under the account titled "Admin" or "Administrator" unless this account is the one used normally.

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

~Blade


In your next reply, please include the following:
SUPERAntiSpyware Log
How is the computer running now?



#5 yessiesskies (Topic Starter, Members, 19 posts)

Posted 14 April 2011 - 11:20 PM

Hey Blade!

I cross-examined with the SuperAntiSpyware app and found quite a few more Trojans. Besides, I saw there were almost a hundred tracking cookies installed on my comp, but from pages that I actually trust, e.g. hostgator.com. Could these cookies be a gateway for Trojans? I would appreciate your opinion on this.

Here is the recent log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2011 at 00:41 AM

Application Version : 4.50.1002

Core Rules Database Version : 6833
Trace Rules Database Version: 4645

Scan type : Complete Scan
Total Scan Time : 03:28:01

Memory items scanned : 288
Memory threats detected : 0
Registry items scanned : 6742
Registry threats detected : 0
File items scanned : 183194
File threats detected : 108

Trojan.Agent/Gen-FakeSec
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\ADOBE PDF\EXTRAS\EXTRAS.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\ADOBE PDF\SETTINGS\SETTINGS.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DATA COM.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\SAMPLE MUSIC\SAMPLE MUSIC.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\SYNC PLAYLISTS\20FE1B\20FE1B.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY PICTURES\SAMPLE PICTURES\SAMPLE PICTURES.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY VIDEOS\MY VIDEOS.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\OD MARTINA\OD MARTINA.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\SHAREDDOCS.EXE

Adware.Tracking Cookie
www.etracker.de [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.clickbank.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
content.clickbank.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
in.getclicky.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
www.clickmanage.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
www.clickmanage.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.2o7.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.kontera.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
counters.gigya.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.webresint.122.2o7.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.mm.chitika.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.yieldmanager.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
segment-pixel.invitemedia.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.legolas-media.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.adxpose.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
server.iad.liveperson.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
www.googleadservices.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.azjmp.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.azjmp.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
tracking.hostgator.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.clickbank.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.micronichefinder.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.micronichefinder.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
www.micronichefinder.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
tracking.hostgator.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.hitbox.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.ehg-tfl.hitbox.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.hitbox.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.ehg-tfl.hitbox.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
host-tracker.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.host-tracker.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
.host-tracker.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
C:\Documents and Settings\Matija\Cookies\matija@ad.yieldmanager[2].txt
C:\Documents and Settings\Matija\Cookies\matija@adbrite[1].txt
C:\Documents and Settings\Matija\Cookies\matija@chitika[2].txt
C:\Documents and Settings\Matija\Cookies\matija@content.yieldmanager[1].txt
C:\Documents and Settings\Matija\Cookies\matija@content.yieldmanager[3].txt
C:\Documents and Settings\Matija\Cookies\matija@doubleclick[1].txt
C:\Documents and Settings\Matija\Cookies\matija@paypal.112.2o7[1].txt

Trojan.RootKit/Gen
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\RKHIT.SYS.VIR

Trojan.Agent/Gen-XPFraud
H:\RECYCLE.EXE

Thanks!
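Added example (not part of the thread, and not code from any of the tools named in it): a small Python triage script that parses a log of the shape posted above and separates the detections by the pattern they show. Most of the Trojan.Agent/Gen-FakeSec entries are executables named after the folder they sit in (MY MUSIC\MY MUSIC.EXE, EXTRAS\EXTRAS.EXE), H:\RECYCLE.EXE sits in the root of a drive, and the Trojan.RootKit/Gen hit is under C:\Qoobox\Quarantine with a .vir suffix, which the script assumes is an already-quarantined copy rather than a live file. The sample log is a constructed excerpt with the same line shape as the real one; the bucket names and helper functions are this example's own.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt with the same line shape as the SUPERAntiSpyware log
# above: a category label, one entry per line, blank line between groups.
SAMPLE_LOG = r"""
Trojan.Agent/Gen-FakeSec
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\ADOBE PDF\EXTRAS\EXTRAS.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\MY MUSIC\MY MUSIC.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DATA COM.EXE

Adware.Tracking Cookie
.doubleclick.net [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
tracking.hostgator.com [ C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\cookies.sqlite ]
C:\Documents and Settings\Matija\Cookies\matija@doubleclick[1].txt

Trojan.RootKit/Gen
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\RKHIT.SYS.VIR

Trojan.Agent/Gen-XPFraud
H:\RECYCLE.EXE
"""

# Firefox cookie entries in this log look like "<host> [ <cookie store path> ]".
COOKIE_LINE = re.compile(r"^\S+ \[ .+ \]$")

BUCKETS = ("folder_mimic", "drive_root", "quarantined", "cookies", "other")


def parse_log(text):
    """Return {category: [entry, ...]}.

    The first non-blank line of each block is the category label; the lines
    after it, up to the next blank line, are the entries in that category.
    """
    groups = defaultdict(list)
    category = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            category = None
            continue
        if category is None:
            category = line
            continue
        groups[category].append(line)
    return dict(groups)


def is_folder_mimic(path):
    """<dir>\\<dir>.exe: an executable named after its parent folder."""
    p = PureWindowsPath(path)
    return (p.suffix.lower() == ".exe"
            and p.stem != ""
            and p.parent.name.lower() == p.stem.lower())


def is_drive_root_executable(path):
    """An executable sitting directly in a drive root, like H:\\RECYCLE.EXE."""
    p = PureWindowsPath(path)
    return (p.suffix.lower() in {".exe", ".scr", ".com", ".pif"}
            and bool(p.drive)
            and p.parent.name == "")


def is_quarantined_copy(path):
    """Assumption: entries under a \\Quarantine\\ folder or ending in .vir are
    copies a cleaning tool already isolated, not files that can still run."""
    upper = path.upper()
    return "\\QUARANTINE\\" in upper or upper.endswith(".VIR")


def triage(text):
    """Bucket every entry of the log by the pattern it shows (order kept)."""
    buckets = {name: [] for name in BUCKETS}
    for category, entries in parse_log(text).items():
        for entry in entries:
            if "cookie" in category.lower() or COOKIE_LINE.match(entry):
                buckets["cookies"].append(entry)
            elif is_quarantined_copy(entry):
                buckets["quarantined"].append(entry)
            elif is_folder_mimic(entry):
                buckets["folder_mimic"].append(entry)
            elif is_drive_root_executable(entry):
                buckets["drive_root"].append(entry)
            else:
                buckets["other"].append(entry)
    return buckets


if __name__ == "__main__":
    for name, entries in triage(SAMPLE_LOG).items():
        print(f"{name}: {len(entries)}")
        for entry in entries:
            print("    " + entry)
```

Run as a script it prints each bucket with its entries. The folder-mimic and drive-root buckets are the ones to look at first, since those are the files that were still in place to run; the cookie bucket is data in the browser's cookie store rather than executable code, which is the distinction the next reply draws.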

#6 Blade (Site Admin, 12,704 posts)

Posted 15 April 2011 - 12:35 PM

Quote: "I saw there were almost a hundred tracking cookies installed on my comp but from pages that I actually trust e.g. hostgator.com. Could these cookies be a gateway for Trojans?"

No. Tracking cookies are used by ad services to know what pages are being visited by a particular IP address so that more targeted ads can be delivered. Some consider this a breach of privacy, but they are not an infection or system security risk in and of themselves.

How's the computer running now?

~Blade.



#7 yessiesskies (Topic Starter, Members, 19 posts)

Posted 16 April 2011 - 12:45 AM

The malware is definitely gone and I don't receive any messages whatsoever. Unfortunately, there are a few issues that emerged.
There are a few things that were not happening before:

- EEE ACPI device has encountered a problem upon OS start-up
- sudden freezing of the computer when I can't even access Task Manager
- Mozilla Firefox started to have issues like freezing, not responding
- OK, this one is kinda strange but I'll mention it nonetheless... YouTube consistently stops loading at a particular amount of downloaded data (I'm clueless about this one)

I'm usually using CCleaner to tidy my temps and registry. TFC didn't prompt me to back up my registry. Is it possible that this is a problem? Besides, it was my mistake not to back it up, but frankly I forgot to do so. I do have back-ups but they are at least a month old.

What do you think?

#8 Blade (Site Admin, 12,704 posts)

Posted 16 April 2011 - 01:07 AM

TFC doesn't modify the registry.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
***************************************************

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [button image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [button image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [installer icon image] icon on your desktop.
  • Check [checkbox image]
  • Click the [button image] button.
  • Accept any security warnings from your browser.
  • Check [checkbox image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [button image]
  • Push [button image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Push [button image]
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

~Blade


In your next reply, please include the following:
ESET Online Scan Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#9 yessiesskies

yessiesskies
  • Topic Starter

  • Members
  • 19 posts

Posted 17 April 2011 - 11:32 AM

OK, I did a scan with ESET. It did find some threats but they are keygens. Here is the log:

C:\Documents and Settings\All Users\Documents\Od Martina\Dreamwever CS3.rar a variant of Win32/Keygen.AH application
C:\Qoobox\Quarantine\C\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{cea9df7c-da4f-43dd-8db1-439106990f84}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{cea9df7c-da4f-43dd-8db1-439106990f84}\chrome\xulcache.jar.vir JS/Agent.NCP trojan
D:\Documents\Downloads\Adobe Photoshop Elements 7\Adobe Photoshop Elements 7.rar a variant of Win32/Keygen.BH application
D:\Documents\Downloads\Windows.xp.sp3.5512.cdr.august.2008.with.sata+raid\Windows.xp.sp3.5512.CDR.august.2008.with.(sata+raid).iso multiple threats
D:\Documents\Prenosi\ACDSee.Pro.2.v2.5.335.FR.Incl-Keygen.[emule-island.com]\Keygen\keygen.exe a variant of Win32/Keygen.AG application
D:\Documents\Prenosi\Executable downloads\InstantSpywareRemoval.exe multiple threats
D:\Documents\Prenosi\Executable downloads\Adobe Photoshop Elements 7\Activation\keygen.exe a variant of Win32/Keygen.BH application
D:\Documents\Prenosi\Executable downloads\Adobe_Flash_CS3_Professional_v9_0_with_Keygen\_crack_\Keygen.exe a variant of Win32/Keygen.AH application
D:\Documents\Prenosi\Executable downloads\Dreamweaver\Dreamwever CS3\Dreamweaver CS3 Final Keygen.exe a variant of Win32/Keygen.AH application

I don't think these really pose a threat! What do you reckon? The computer seems to "stabilize" somehow after a few reboots. I would only ask one thing more. I think there are unnecessary processes running. I just know of one for sure, Windows MSN, which always starts up, but I just can't find how to remove it.

Thanks!
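As an added example (not part of this thread and not ESET's own tooling), here is a small Python triage helper that parses the detections posted above in ESET's "<path> <detection>" line format and rates each hit from a cleanup point of view. The risk labels are my own assumptions; treating C:\Qoobox\Quarantine as ComboFix's quarantine folder (files renamed with a .vir extension and no longer executable from their original location) is a known ComboFix convention.

```python
"""Triage helper for ESET Online Scanner log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Lines copied from the ESET log posted above; each line is "<path> <detection>".
ESET_LOG = r"""
C:\Documents and Settings\All Users\Documents\Od Martina\Dreamwever CS3.rar a variant of Win32/Keygen.AH application
C:\Qoobox\Quarantine\C\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{cea9df7c-da4f-43dd-8db1-439106990f84}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{cea9df7c-da4f-43dd-8db1-439106990f84}\chrome\xulcache.jar.vir JS/Agent.NCP trojan
D:\Documents\Downloads\Windows.xp.sp3.5512.cdr.august.2008.with.sata+raid\Windows.xp.sp3.5512.CDR.august.2008.with.(sata+raid).iso multiple threats
D:\Documents\Prenosi\Executable downloads\InstantSpywareRemoval.exe multiple threats
D:\Documents\Prenosi\Executable downloads\Adobe Photoshop Elements 7\Activation\keygen.exe a variant of Win32/Keygen.BH application
"""

# A detection is either "[a variant of ]<Platform>/<Family>.<Variant> <kind>" or the
# summary verdict "multiple threats" that ESET gives to archives holding several hits.
# The path is matched non-greedily so that spaces inside Windows paths are kept.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<detection>"
    r"(?:a variant of )?\S+/\S+\s+(?P<kind>application|trojan|worm|virus)"
    r"|multiple threats)$"
)

# ComboFix moves what it removes under C:\Qoobox\Quarantine and appends ".vir".
QUARANTINE_PREFIX = r"c:\qoobox\quarantine"


@dataclass
class Finding:
    path: str
    detection: str
    kind: str          # application / trojan / worm / virus / multiple
    quarantined: bool
    risk: str          # HIGH / MEDIUM / INFO (assumed scale for this example)
    note: str


def classify(path: str, detection: str, kind: str) -> Finding:
    """Assign a risk level and a short cleanup note to one detection."""
    quarantined = path.lower().startswith(QUARANTINE_PREFIX)
    if quarantined:
        risk, note = "INFO", "already in ComboFix quarantine (inert .vir copy); removed when ComboFix is uninstalled"
    elif kind == "trojan":
        risk, note = "HIGH", "live trojan outside quarantine; remove and re-scan"
    elif kind == "multiple":
        risk, note = "HIGH", "container flagged with several detections (pirated ISO/installer); delete, do not open"
    elif "Keygen" in detection:
        risk, note = "MEDIUM", "keygen flagged as unwanted application; cracks are a common trojan carrier, delete"
    else:
        risk, note = "MEDIUM", "potentially unwanted application; review before keeping"
    return Finding(path, detection, kind, quarantined, risk, note)


def parse_eset_log(text: str) -> List[Finding]:
    """Parse every non-empty log line; unknown formats raise rather than being silently skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ESET log line: {line!r}")
        kind = m.group("kind") or "multiple"
        findings.append(classify(m.group("path"), m.group("detection"), kind))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per risk level, so the reply can lead with what actually matters."""
    counts = {"HIGH": 0, "MEDIUM": 0, "INFO": 0}
    for f in findings:
        counts[f.risk] += 1
    return counts


if __name__ == "__main__":
    results = parse_eset_log(ESET_LOG)
    for f in sorted(results, key=lambda f: ("HIGH", "MEDIUM", "INFO").index(f.risk)):
        print(f"{f.risk:6} {f.detection:45} {f.note}")
    print(summarize(results))
```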

#10 yessiesskies

yessiesskies
  • Topic Starter

  • Members
  • 19 posts

Posted 18 April 2011 - 04:44 AM

Ok, I have a major problem now. Yesterday after running ESET everything seemed to work just fine. Today I booted the computer normally and the Desktop loaded normally, but then everything froze. I couldn't start Task Manager so I had to shut down the computer via the power button. On the second boot the Desktop loaded and the cursor could be moved, but I couldn't click on anything and later it froze again altogether. I rebooted again via the power button and was able to start up in Safe Mode with Networking.

Please help! Any ideas on why this happened?

Thanks!

#11 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 18 April 2011 - 05:20 PM

Hello.

I am moving this topic to the specialized Malware Removal Forum for advanced removal routines. Since you can't use Normal Mode, the following should be performed in Safe Mode.

Hello, and :welcome: to the Malware Removal forum!

In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :)

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold


    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Push the [image] button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

***************************************************

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested. Also, try running GMER in Safe Mode.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt
Gmer.log

Edited by Blade Zephon, 18 April 2011 - 05:23 PM.




#12 yessiesskies

yessiesskies
  • Topic Starter

  • Members
  • 19 posts

Posted 19 April 2011 - 07:01 AM

Hey Blade!

I can boot normally now but I receive the message "System has recovered from a serious error"! I was able to scan normally with OTL, but with GMER I have a problem: the computer reboots automatically somewhere around 3/4 of the scan and I cannot save the log. I unchecked Devices and also ran it in Safe Mode, but no joy.

So, for now only OTL logs (please advise on GMER):

OTL Extras logfile created on: 19.04.2011 12:05:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matija\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: dd.MM.yyyy

1.015,00 Mb Total Physical Memory | 510,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72,06 Gb Total Space | 0,58 Gb Free Space | 0,81% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 12,52 Gb Free Space | 17,38% Space Free | Partition Type: NTFS
Drive H: | 3,69 Gb Total Space | 2,55 Gb Free Space | 69,23% Space Free | Partition Type: FAT32

Computer Name: MATIJA_ASUS | User Name: Matija | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Wipeer\wipeer.exe" = C:\Program Files\Wipeer\wipeer.exe:*:Enabled:WiPeer -- ()
"C:\Program Files\Wipeer\wipeerd\wipeerd.exe" = C:\Program Files\Wipeer\wipeerd\wipeerd.exe:*:Enabled:wipeerd -- ()
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla -- (FileZilla Project)
"C:\Program Files\360Share Pro\jre\bin\javaw.exe" = C:\Program Files\360Share Pro\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE Binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\eStroke\flashServer.exe" = C:\Program Files\eStroke\flashServer.exe:*:Enabled:flashServer -- ()
"C:\Documents and Settings\Matija\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Matija\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3CE38653-850E-4EFC-AC05-C956840CC905}" = speechsdk51
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5CED124D-2C9E-4E7D-8C9D-E69AD6244B57}" = Adobe Setup
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C118AC-FA2A-4E9C-A76E-DC22CA4FC20D}" = Dr.Eee EN
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Join Air
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"360Share Pro" = 360Share Pro(remove only)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Any Video Converter_is1" = Any Video Converter 3.1.8
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Crimson Editor SVN286" = Crimson Editor SVN286
"crydrs_is1" = Cryptainer Drivers
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DMX5_is1" = DriverMax 5
"Eee Docking_is1" = Eee Docking 1.3.4.0
"Eee PC_1005HA" = Eee PC_1005HA Screen Saver
"Eee Storage" = Eee Storage
"ESET Online Scanner" = ESET Online Scanner v3
"eStroke" = eStroke Animated Chinese Character
"EXCEL" = Microsoft Office Excel 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"Foto Genij_is1" = Foto_Genij
"Foxit Reader" = Foxit Reader
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.1" = Freecorder
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{64C118AC-FA2A-4E9C-A76E-DC22CA4FC20D}" = Dr.Eee EN
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetObjects Fusion Essentials" = NetObjects Fusion Essentials
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Password Safe" = Password Safe
"Picasa 3" = Picasa 3
"sscrLE_is1" = Cryptainer LE
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wipeer_is1" = Wipeer version 0.75
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Yankee Clipper III" = Yankee Clipper III

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.3.5.1
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.04.2011 01:34:05 | Computer Name = MATIJA_ASUS | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
. Error code = 0x80131047

Error - 16.04.2011 01:13:22 | Computer Name = MATIJA_ASUS | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1008, faulting module
asacpisvr.exe, version 6.1.1.1008, fault address 0x000075e5.

Error - 16.04.2011 02:43:39 | Computer Name = MATIJA_ASUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 16.04.2011 02:43:39 | Computer Name = MATIJA_ASUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 17.04.2011 00:52:50 | Computer Name = MATIJA_ASUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 17.04.2011 00:52:50 | Computer Name = MATIJA_ASUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 17.04.2011 00:58:26 | Computer Name = MATIJA_ASUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 17.04.2011 00:58:26 | Computer Name = MATIJA_ASUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 17.04.2011 02:05:13 | Computer Name = MATIJA_ASUS | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: This operation returned because the timeout period expired.

Error - 18.04.2011 04:58:46 | Computer Name = MATIJA_ASUS | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1008, faulting module
asacpisvr.exe, version 6.1.1.1008, fault address 0x000075e5.

[ OSession Events ]
Error - 17.12.2009 20:32:33 | Computer Name = MATIJA_ASUS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 103
seconds with 60 seconds of active time. This session ended with a crash.

Error - 01.02.2010 18:26:27 | Computer Name = MATIJA_ASUS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11612
seconds with 5220 seconds of active time. This session ended with a crash.

Error - 04.09.2010 16:46:33 | Computer Name = MATIJA_ASUS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 683
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.11.2010 06:58:57 | Computer Name = MATIJA_ASUS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1697
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 18.04.2011 14:43:10 | Computer Name = MATIJA_ASUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 18.04.2011 14:43:23 | Computer Name = MATIJA_ASUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AsUpIO aswSnx aswSP aswTdi BANTExt Fips intelppm SASDIFSV SASKUTIL ssoftnt4

Error - 18.04.2011 14:44:09 | Computer Name = MATIJA_ASUS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0025D35B14ED. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 18.04.2011 14:49:07 | Computer Name = MATIJA_ASUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 18.04.2011 14:50:29 | Computer Name = MATIJA_ASUS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 19.04.2011 00:13:22 | Computer Name = MATIJA_ASUS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 19.04.2011 00:17:47 | Computer Name = MATIJA_ASUS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 19.04.2011 00:20:34 | Computer Name = MATIJA_ASUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AsUpIO aswSnx aswSP aswTdi BANTExt Fips intelppm SASDIFSV SASKUTIL ssoftnt4

Error - 19.04.2011 00:21:09 | Computer Name = MATIJA_ASUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19.04.2011 01:15:31 | Computer Name = MATIJA_ASUS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0025D35B14ED. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.


< End of report >

OTL logfile created on: 19.04.2011 12:05:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Matija\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: dd.MM.yyyy

1.015,00 Mb Total Physical Memory | 510,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72,06 Gb Total Space | 0,58 Gb Free Space | 0,81% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 12,52 Gb Free Space | 17,38% Space Free | Partition Type: NTFS
Drive H: | 3,69 Gb Total Space | 2,55 Gb Free Space | 69,23% Space Free | Partition Type: FAT32

Computer Name: MATIJA_ASUS | User Name: Matija | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.19 11:29:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matija\Desktop\OTL.exe
PRC - [2011.03.24 04:02:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.07.12 19:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008.04.14 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.05 12:02:00 | 001,079,752 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE


========== Modules (SafeList) ==========

MOD - [2011.04.19 11:29:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matija\Desktop\OTL.exe
MOD - [2010.08.23 23:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.02.23 22:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.01.24 13:40:14 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.27 15:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.01.31 15:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011.02.23 21:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.02.23 21:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.02.23 21:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.02.23 21:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.02.23 21:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.02.23 21:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.02.23 21:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.05.11 01:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.04.28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010.02.18 01:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.03 19:36:32 | 000,097,784 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)
DRV - [2009.11.04 16:41:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.11.04 16:41:36 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.11.04 16:41:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.06 17:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.10.06 17:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.10.06 17:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 17:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 17:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 17:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.07.06 09:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.03.30 16:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.03.14 13:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009.03.02 12:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008.11.19 08:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008.08.26 15:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.19 21:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.08.19 21:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.08.05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.30 10:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.05.06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.04.09 05:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008.03.10 17:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008.02.27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008.02.04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.01.04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 B6 99 0C DD 38 23 44 B1 E1 27 4B D9 D3 25 17 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 B6 99 0C DD 38 23 44 B1 E1 27 4B D9 D3 25 17 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 B6 99 0C DD 38 23 44 B1 E1 27 4B D9 D3 25 17 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 B6 99 0C DD 38 23 44 B1 E1 27 4B D9 D3 25 17 [binary data]

IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=falco
IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 B6 99 0C DD 38 23 44 B1 E1 27 4B D9 D3 25 17 [binary data]
IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: sl@dictionaries.addons.mozilla.org:0.1.1.1
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: openmedspel@e-medtools.com:1.0.9
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {65e41d20-f092-41b7-bb83-c6e8a9ab0f57}:0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:2.01
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.4
FF - prefs.js..extensions.enabledItems: {6e098d65-7d2d-46d4-ada0-2f882a29f795}:0.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.1.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.7
FF - prefs.js..network.proxy.http: "127.0.0.1:8580"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.12.20 22:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.27 06:06:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 04:02:16 | 000,000,000 | ---D | M]

[2011.03.01 00:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Extensions
[2011.04.19 11:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions
[2011.02.16 18:30:32 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011.03.15 18:41:40 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010.12.02 21:57:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.03.19 14:55:34 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.12.24 09:45:45 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.03.04 05:40:42 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011.02.07 14:30:41 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
[2010.04.21 20:01:33 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010.12.24 09:45:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.15 18:41:40 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\engine@conduit.com
[2011.02.25 12:33:31 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\firebug@software.joehewitt.com
[2011.03.19 14:55:32 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\foxmarks@kei.com
[2010.04.21 20:01:33 | 000,000,000 | ---D | M] (Dictionnaire français «Réforme 1990») -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\fr@dictionaries.addons.mozilla.org
[2010.12.10 02:49:17 | 000,000,000 | ---D | M] (OpenMedSpel) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\openmedspel@e-medtools.com
[2011.02.17 20:36:27 | 000,000,000 | ---D | M] (Dictionary for the Slovene language) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\sl@dictionaries.addons.mozilla.org
[2010.12.02 21:01:28 | 000,000,000 | ---D | M] ("Alexa Toolbar") -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\toolbar@alexa.com
[2011.03.27 06:01:30 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\extensions\toolbar@ask.com
[2010.06.24 15:49:52 | 000,002,095 | ---- | M] () -- C:\Documents and Settings\Matija\Application Data\Mozilla\Firefox\Profiles\r414bzh2.default\searchplugins\google--infoaxe.xml
[2011.04.17 21:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.10 21:16:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.23 09:22:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.19 18:40:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.12.20 22:26:45 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009.11.15 22:47:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009.10.24 02:55:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.18 20:11:23 | 000,010,799 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ceneji.xml
[2010.10.13 21:35:40 | 000,002,037 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchfalco.xml
[2010.09.21 21:12:59 | 000,001,503 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iskalnik-gov-si.xml
[2010.09.21 21:12:59 | 000,001,420 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\najdi-si.xml
[2010.10.18 20:11:23 | 000,003,584 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\odpiralni.xml
[2010.10.18 20:11:23 | 000,006,155 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml
[2010.10.18 20:11:23 | 000,001,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sl.xml

O1 HOSTS File: ([2011.01.24 14:21:38 | 000,000,509 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Matija\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Matija\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Matija\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3535294813-1865296661-468535058-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.144.207.29 203.144.207.49
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Matija\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matija\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.21 02:19:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.10.02 15:39:42 | 000,000,016 | ---- | M] () - H:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011.04.19 12:00:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matija\Desktop\OTL.exe
[2011.04.18 16:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Cryptainer
[2011.04.14 20:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matija\Application Data\SUPERAntiSpyware.com
[2011.04.14 20:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011.04.14 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matija\Start Menu\Programs\SUPERAntiSpyware
[2011.04.14 20:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.04.14 20:44:11 | 010,880,800 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Matija\Desktop\SUPERAntiSpyware.exe
[2011.04.14 20:38:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matija\Desktop\TFC.exe
[2011.04.12 11:59:22 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matija\Desktop\bubbles.exe
[2011.03.31 02:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matija\Desktop\Toddove zadeve
[2011.03.27 20:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matija\Application Data\PriceGong
[2011.03.26 13:38:40 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.03.23 18:54:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matija\Recent
[1 C:\Documents and Settings\Matija\*.tmp files -> C:\Documents and Settings\Matija\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.19 12:05:37 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Matija\Desktop\5tdvy5cz.exe
[2011.04.19 12:01:23 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.04.19 12:00:05 | 000,007,689 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.04.19 11:29:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matija\Desktop\OTL.exe
[2011.04.19 11:20:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.19 11:18:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.19 01:53:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011.04.19 01:50:10 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.18 01:12:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.18 00:01:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.04.17 19:34:50 | 000,441,582 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.17 19:34:50 | 000,071,454 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.17 19:29:14 | 000,307,941 | ---- | M] () -- C:\Documents and Settings\Matija\Desktop\Todd_passport.jpg
[2011.04.17 19:28:20 | 000,239,274 | ---- | M] () -- C:\Documents and Settings\Matija\Desktop\Todd_credit.jpg
[2011.04.17 19:24:58 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Matija\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.16 12:15:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.15 10:50:26 | 002,192,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.14 20:57:12 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\Matija\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.04.14 20:41:26 | 010,880,800 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Matija\Desktop\SUPERAntiSpyware.exe
[2011.04.14 20:37:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matija\Desktop\TFC.exe
[2011.04.12 12:14:58 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.12 11:58:41 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Matija\Desktop\bubbles.exe
[2011.04.12 11:51:35 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Matija\Desktop\ratkiller.scr
[2011.04.09 20:39:17 | 000,000,660 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2011.04.09 20:38:20 | 000,666,626 | ---- | M] () -- D:\Documents\flovent.pdf
[2011.04.09 20:37:26 | 000,255,964 | ---- | M] () -- D:\Documents\fluticasone.pdf
[2011.04.09 20:32:43 | 000,035,645 | ---- | M] () -- D:\Documents\Flixotide.pdf
[2011.04.09 20:23:10 | 000,003,587 | ---- | M] () -- C:\Documents and Settings\Matija\Application Data\mainhst.zgh
[2011.04.09 10:07:29 | 000,077,398 | ---- | M] () -- D:\Documents\Kortizol.pdf
[2011.04.06 22:53:44 | 000,109,943 | ---- | M] () -- D:\Documents\Ultimate-Heatmap 30.pdf
[2011.04.06 22:47:50 | 000,104,249 | ---- | M] () -- D:\Documents\Ultimate-Heatmap 29.pdf
[2011.04.06 22:32:39 | 000,106,837 | ---- | M] () -- D:\Documents\Ultimate-Heatmap 31.pdf
[2011.04.01 14:31:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.03.26 13:38:40 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.03.23 18:56:31 | 000,007,348 | ---- | M] () -- D:\Documents\cc_20110323_185622.reg
[2011.03.22 06:29:54 | 000,049,513 | ---- | M] () -- D:\Documents\Doc1.pdf
[2011.03.22 04:56:15 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2011.03.22 02:01:54 | 000,069,240 | ---- | M] () -- D:\Documents\all-thumbs-up.jpg
[2011.03.22 01:42:31 | 000,020,093 | ---- | M] () -- D:\Documents\Windsurfing_Catching_Wave.jpg
[2011.03.22 01:39:14 | 000,023,214 | ---- | M] () -- D:\Documents\success-21.jpg
[2011.03.22 00:23:38 | 000,055,004 | ---- | M] () -- D:\Documents\Growth_Graph.jpg
[2011.03.21 23:50:51 | 000,111,992 | ---- | M] () -- D:\Documents\E-commerce.jpg
[2011.03.21 21:53:10 | 000,082,580 | ---- | M] () -- D:\Documents\business-people-shaking-hands.jpg
[2011.03.21 21:37:32 | 000,023,054 | ---- | M] () -- D:\Documents\affiliate-marketing.jpg
[2011.03.21 02:00:50 | 000,042,331 | ---- | M] () -- D:\Documents\01.gif
[2011.03.21 01:40:27 | 000,005,366 | ---- | M] () -- D:\Documents\0004.jpg
[1 C:\Documents and Settings\Matija\*.tmp files -> C:\Documents and Settings\Matija\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.19 12:05:56 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Matija\Desktop\5tdvy5cz.exe
[2011.04.17 19:26:38 | 000,239,274 | ---- | C] () -- C:\Documents and Settings\Matija\Desktop\Todd_credit.jpg
[2011.04.17 19:24:24 | 000,307,941 | ---- | C] () -- C:\Documents and Settings\Matija\Desktop\Todd_passport.jpg
[2011.04.14 20:57:12 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\Matija\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.04.12 12:14:58 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.12 11:53:29 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Matija\Desktop\ratkiller.scr
[2011.04.09 20:38:48 | 000,666,626 | ---- | C] () -- D:\Documents\flovent.pdf
[2011.04.09 20:37:50 | 000,255,964 | ---- | C] () -- D:\Documents\fluticasone.pdf
[2011.04.09 20:35:44 | 000,035,645 | ---- | C] () -- D:\Documents\Flixotide.pdf
[2011.04.09 10:39:15 | 000,077,398 | ---- | C] () -- D:\Documents\Kortizol.pdf
[2011.04.06 22:53:44 | 000,109,943 | ---- | C] () -- D:\Documents\Ultimate-Heatmap 30.pdf
[2011.04.06 22:47:50 | 000,104,249 | ---- | C] () -- D:\Documents\Ultimate-Heatmap 29.pdf
[2011.04.06 22:32:39 | 000,106,837 | ---- | C] () -- D:\Documents\Ultimate-Heatmap 31.pdf
[2011.03.24 03:01:01 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.03.23 18:56:27 | 000,007,348 | ---- | C] () -- D:\Documents\cc_20110323_185622.reg
[2011.03.22 06:01:16 | 000,049,513 | ---- | C] () -- D:\Documents\Doc1.pdf
[2011.03.22 02:01:53 | 000,069,240 | ---- | C] () -- D:\Documents\all-thumbs-up.jpg
[2011.03.22 01:42:31 | 000,020,093 | ---- | C] () -- D:\Documents\Windsurfing_Catching_Wave.jpg
[2011.03.22 01:39:13 | 000,023,214 | ---- | C] () -- D:\Documents\success-21.jpg
[2011.03.22 00:23:38 | 000,055,004 | ---- | C] () -- D:\Documents\Growth_Graph.jpg
[2011.03.21 23:50:51 | 000,111,992 | ---- | C] () -- D:\Documents\E-commerce.jpg
[2011.03.21 21:53:10 | 000,082,580 | ---- | C] () -- D:\Documents\business-people-shaking-hands.jpg
[2011.03.21 21:37:31 | 000,023,054 | ---- | C] () -- D:\Documents\affiliate-marketing.jpg
[2011.03.21 02:00:49 | 000,042,331 | ---- | C] () -- D:\Documents\01.gif
[2011.03.21 01:40:26 | 000,005,366 | ---- | C] () -- D:\Documents\0004.jpg
[2011.02.14 17:37:35 | 000,000,189 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2011.02.01 14:20:37 | 000,000,019 | ---- | C] () -- C:\Documents and Settings\Matija\Application Data\mdbu.bin
[2011.01.24 14:55:54 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011.01.23 00:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2011.01.22 22:16:29 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\PDEs
[2011.01.22 22:16:29 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Matija\Application Data\Noise Gate
[2011.01.22 22:16:29 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010.11.24 12:57:28 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.11.24 12:57:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.11.24 12:57:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.11.24 12:57:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.11.24 12:57:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.09.28 15:22:50 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010.09.24 16:21:17 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010.09.18 19:49:05 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010.08.31 12:04:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.11.27 05:57:02 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009.11.14 01:28:40 | 000,000,129 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.10.26 19:19:37 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2009.10.22 15:55:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.10.19 02:24:00 | 000,055,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.10.18 19:21:33 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Matija\Application Data\wklnhst.dat
[2009.10.16 22:17:14 | 000,003,587 | ---- | C] () -- C:\Documents and Settings\Matija\Application Data\mainhst.zgh
[2009.10.14 06:00:25 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.10.14 02:20:21 | 000,007,689 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.10.08 23:12:12 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Matija\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.08 18:20:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2009.10.07 12:55:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.10.07 07:10:54 | 000,088,928 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009.06.23 23:41:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.06.23 10:54:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2009.06.23 10:54:13 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe
[2009.06.23 10:49:29 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009.06.23 10:49:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009.06.23 10:47:15 | 000,013,650 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009.06.23 10:45:59 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009.06.23 10:45:59 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009.06.23 10:45:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009.05.21 02:21:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.05.21 02:17:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.05.21 02:07:20 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009.05.21 02:07:08 | 000,441,582 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.05.21 02:07:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.05.21 02:07:08 | 000,071,454 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.05.21 02:07:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.05.21 02:07:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.05.21 02:07:07 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.05.21 02:07:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.05.21 02:07:06 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.05.21 02:07:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.05.21 02:07:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.05.21 02:07:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.05.21 02:07:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.05.20 19:14:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.05.20 19:13:32 | 002,192,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.02.26 13:50:32 | 000,000,176 | ---- | C] () -- C:\WINDOWS\explorer.exe.config
[2008.09.02 21:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2001.11.15 03:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010.04.18 00:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010.09.23 23:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011.01.22 22:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Console
[2010.09.21 23:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EBI
[2011.01.22 22:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010.09.24 19:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010.09.10 15:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010.12.21 19:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009.10.22 02:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009.12.22 20:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2011.02.28 22:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010.09.24 18:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2009.10.14 02:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.06.23 10:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2010.09.21 23:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RSMR
[2010.03.24 02:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010.03.23 20:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011.01.22 22:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010.04.18 00:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\ACD Systems
[2011.02.23 15:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\AnvSoft
[2011.01.23 13:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Asus
[2009.10.16 22:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\BSplayer Pro
[2011.04.19 01:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Dropbox
[2010.04.20 22:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\EeeStorageUploader
[2010.12.20 21:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\estroke
[2011.02.04 16:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\FileZilla
[2010.12.01 15:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Foxit Software
[2010.09.24 18:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\GetRightToGo
[2010.09.12 20:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\LimeWire
[2010.09.27 00:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Mp3tag
[2010.12.21 19:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\NCH Swift Sound
[2011.02.01 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Nikon
[2010.01.12 18:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Nokia
[2011.02.21 22:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Notepad++
[2010.12.08 10:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\nswb
[2011.03.15 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\OpenCandy
[2009.10.14 02:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\PC Suite
[2011.04.15 11:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\PriceGong
[2011.01.18 19:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\TeamViewer
[2010.02.05 23:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Template
[2010.05.13 00:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Transcend
[2010.03.23 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\Ulead Systems
[2011.04.08 23:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\uTorrent
[2009.10.07 12:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\VoiceCommand
[2009.10.08 16:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\WiPeer
[2010.01.07 07:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matija\Application Data\ZipGenius
[2011.04.18 00:01:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011.03.22 04:56:15 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< netsvc >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.04.14 19:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 19:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 19:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 19:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008.04.14 14:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 14:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 14:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 19:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2009.12.19 23:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008.04.14 19:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 19:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 19:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OemDir\iaStor.sys
[2008.09.12 12:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 19:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 19:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 19:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 19:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 19:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 19:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.05.20 19:13:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.05.20 19:13:04 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.05.20 19:13:04 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< End of report >


Thanks!
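The OTL log above carries the three facts that matter for a USB-spreading worm in the O6/O7 and O32 sections: the NoDriveTypeAutoRun bitmask per hive (323 for HKLM and the user SID, 145 for the service SIDs), NoDriveAutoRun = 67108863 plus NoAutorun = 1, and an AUTORUN.INF sitting on the FAT32 volume H:. Reading those values by hand is error-prone, so here is an added Python example (not code from the thread, from OTL, or from the helpers) that decodes them. The bit meanings follow Microsoft's documented semantics for NoDriveTypeAutoRun (a set bit disables AutoRun for that drive type) and NoDriveAutoRun (bit n disables drive letter A+n); the regular expressions are an assumption about OTL's line layout, matched against lines copied in shape from this log, and the sample list is constructed for the example.

```python
"""Decode the AutoRun-related O6/O7/O32 lines of an OTL log.

Added example, not part of the original thread or of OTL itself.  The
regexes assume the line layout seen in the log above; SAMPLE_LOG is a
constructed list copied in shape from that log.
"""
import re

# NoDriveTypeAutoRun: a SET bit DISABLES AutoRun for that drive type
# (Microsoft-documented bit values; 0x91 = 145 is the XP default, 0xFF = all).
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

# "O6 - HKLM\SOFTWARE\...\policies\Explorer: NoDriveTypeAutoRun = 323"
# "O7 - HKU\S-1-5-19\SOFTWARE\...\policies\Explorer: NoDriveTypeAutoRun = 145"
POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>.+?)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\policies\\Explorer: (?P<name>\w+) = (?P<value>\d+)$",
    re.IGNORECASE,
)
# "O32 - AutoRun File - [date | size | attrs | M] (company) - H:\AUTORUN.INF -- [ FAT32 ]"
AUTORUN_FILE_RE = re.compile(
    r"^O32 - AutoRun File - \[[^\]]*\] \([^)]*\) - (?P<path>[A-Z]:\\.+?) -- \[ (?P<fs>\w+) \]$",
    re.IGNORECASE,
)

SAMPLE_LOG = [  # constructed sample, same shape as the log in this thread
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
    r"O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O32 - HKLM CDRom: AutoRun - 1",
    r"O32 - AutoRun File - [2009.05.21 02:19:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]",
    r"O32 - AutoRun File - [2009.10.02 15:39:42 | 000,000,016 | ---- | M] () - H:\AUTORUN.INF -- [ FAT32 ]",
]


def drive_types_still_allowed(no_drive_type_autorun):
    """Drive types whose AutoRun is NOT disabled by the NoDriveTypeAutoRun mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items()
            if not no_drive_type_autorun & bit]


def drive_letters_disabled(no_drive_autorun):
    """Drive letters disabled by NoDriveAutoRun (bit 0 = A: ... bit 25 = Z:)."""
    return "".join(chr(ord("A") + n) for n in range(26) if no_drive_autorun & (1 << n))


def analyse(lines):
    """Return human-readable findings for the AutoRun-relevant lines of an OTL log."""
    policies, autorun_files, findings = {}, [], []
    for raw in lines:
        line = raw.strip()
        if (m := POLICY_RE.match(line)):
            policies[(m["hive"], m["name"].lower())] = int(m["value"])
        elif (m := AUTORUN_FILE_RE.match(line)):
            autorun_files.append((m["path"], m["fs"].upper()))

    for (hive, name), value in policies.items():
        if name == "nodrivetypeautorun":
            allowed = drive_types_still_allowed(value)
            if "DRIVE_REMOVABLE" in allowed:  # the vector a USB worm needs
                note = " (mitigated by NoAutorun = 1 in this hive)" if policies.get((hive, "noautorun")) == 1 else ""
                findings.append(f"{hive}: NoDriveTypeAutoRun={value:#x} leaves AutoRun enabled for "
                                + ", ".join(allowed) + note)
        elif name == "nodriveautorun":
            findings.append(f"{hive}: NoDriveAutoRun={value:#x} disables drive letters "
                            + (drive_letters_disabled(value) or "(none)"))

    for path, fs in autorun_files:
        if path.upper().endswith("\\AUTORUN.INF"):  # AUTOEXEC.BAT on C: is not interesting here
            findings.append(f"autorun.inf present at {path} ({fs}); inspect its [autorun] open=/shellexecute= target")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample it reports that 0x143 still permits AutoRun on removable, fixed, remote and CD-ROM drives (only the NoAutorun = 1 / NoDriveAutoRun = all-letters pair, which Panda USB Vaccine sets, is actually closing the door), and it singles out H:\AUTORUN.INF on the FAT32 volume as the file to open in a text editor and check for an open= or shellexecute= line pointing into RECYCLER.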

#13 Blade
  • Site Admin

Posted 20 April 2011 - 07:56 AM

Hello.

Let's try an alternative ARK scanner.

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


If you do, please proceed normally.

~Blade


In your next reply, please include the following:
RKU Log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#14 yessiesskies
  • Topic Starter

Posted 20 April 2011 - 10:11 AM

I couldn't download RKU from the location you provided. There was a TCP error, but I did download RKU from its site http://www.antirootkit.com/software/RootKit-Unhooker.htm.

I did as I was told, and here is the log:

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.509
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Stealth


Just a notice... GMER was scanning for about an hour and a half (before spontaneously rebooting), but RKU finished in seconds.

Thanks for help!

#15 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 20 April 2011 - 11:23 AM

Hello.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens, there is nothing you can do besides reformatting and reinstalling the OS.

It is incredibly likely that many of your problems are related to using cracked software. For me to continue helping you, you will need to remove all illegitimate software from the machine.

~Blade

