infected by trojan GASF and maybe some others
21 replies to this topic

#1 olja
Posted 17 February 2012 - 08:40 AM

Hi, I think I am infected by trojan GASF and some other critical trojans, at least the StopZilla report says so, but I cannot delete them since I cannot register StopZilla. Here is my OTL report. Please help.


OTL logfile created on: 17.2.2012 3:42:30 - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Ognjen\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000181A | Country: Bosnia and Herzegovina | Language: SRS | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,01% Memory free
3,85 Gb Paging File | 3,42 Gb Available in Paging File | 88,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 10,89 Gb Free Space | 9,35% Space Free | Partition Type: NTFS
Drive D: | 116,44 Gb Total Space | 27,27 Gb Free Space | 23,42% Space Free | Partition Type: NTFS

Computer Name: OGNJEN-1C392CC2 | User Name: Ognjen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.17 03:41:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ognjen\My Documents\Downloads\OTL.exe
PRC - [2012.02.11 03:53:15 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.10.22 18:35:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010.04.12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2007.10.10 06:28:32 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2004.08.03 23:56:52 | 000,815,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2004.08.03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.11 03:53:14 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.01.08 12:44:28 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2007.10.10 06:28:32 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2007.06.29 00:43:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (slip)
SRV - File not found [Auto | Stopped] -- -- (mssql$soshome22)
SRV - File not found [Auto | Stopped] -- -- (lwwlicenseservice)
SRV - File not found [Auto | Stopped] -- -- (infrastructure)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.10.22 18:35:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.04.02 11:47:04 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (szkgfs)
DRV - File not found [Kernel | Unknown | Running] -- -- (szkg5)
DRV - [2011.12.13 18:27:30 | 007,069,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.10.22 18:35:04 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.10.22 18:35:03 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.10.19 07:52:32 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010.04.12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.12.30 21:39:49 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007.03.01 09:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1004336348-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d62e9c82ea354f8b95950f43f865a1c8&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z197&ocid=zdhp&install_date=20111204"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: mil@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://www.basicscan.com/?tmp=nemo_results_removelink&prt=BscscnPB&keywords="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 01:58:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.12 16:23:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Documents and Settings\Ognjen\Local Settings\Application Data\ClickPotatoLiteSA\bin\12.0.15.0\firefox\extensions [2012.01.22 00:46:49 | 000,000,000 | ---D | M]

[2009.08.09 22:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Extensions
[2009.08.09 22:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012.01.13 00:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\extensions
[2010.08.28 17:21:37 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\extensions\mil@toolbar
[2009.09.09 10:49:49 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\searchplugins\ask.xml
[2012.02.16 12:03:19 | 000,001,211 | ---- | M] () -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\searchplugins\Mp3Tube.xml
[2012.02.16 17:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.08.04 10:34:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.02.11 03:53:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.04 10:34:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.02.04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.01.12 13:56:05 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.02 02:12:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 18:06:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011.10.08 08:44:17 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.02 02:12:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: BasicScan (Enabled)
CHR - default_search_provider: search_url = http://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\
CHR - Extension: AT_Rampage_v2 = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3\
CHR - Extension: Google \u043F\u0440\u0435\u0442\u0440\u0430\u0433\u0430 = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Facemoods = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.02.17 02:01:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] c:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Ognjen\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-706699826-839522115-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1004336348-706699826-839522115-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1004336348-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{327AC182-832E-4047-A536-39D5BDA7EB07}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Ognjen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ognjen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.29 14:09:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1004336348-706699826-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: lwwlicenseservice - File not found
NetSvcs: buslogic - File not found
NetSvcs: infrastructure - File not found
NetSvcs: S7oppilx - File not found
NetSvcs: se58mdm - File not found
NetSvcs: Maplom - File not found
NetSvcs: ikfileflt - File not found
NetSvcs: s217obex - File not found
NetSvcs: slip - File not found
NetSvcs: szkg - File not found
NetSvcs: SE27mdfl - File not found
NetSvcs: idsvc - File not found
NetSvcs: WGX - File not found
NetSvcs: RMSvc - File not found
NetSvcs: z800mdm - File not found
NetSvcs: mssql$soshome22 - File not found
NetSvcs: TUWinStylerThemeSvc - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.02.17 03:03:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.02.17 02:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ognjen\Start Menu\Programs\CyberLink PowerDVD
[2012.02.17 02:55:37 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012.02.17 02:55:35 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012.02.17 02:55:30 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012.02.17 02:14:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.02.17 01:45:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.02.17 01:42:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.02.17 01:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.02.17 01:32:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.17 01:18:26 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.02.16 17:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012.02.16 16:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ognjen\Application Data\Malwarebytes
[2012.02.16 16:13:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.02.16 16:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.16 16:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.02.16 16:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.15 16:48:03 | 000,202,240 | ---- | C] (DreamWorks Interactive) -- C:\setup95.exe
[2012.02.13 16:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ognjen\Application Data\Big Fish Games
[2012.02.11 14:02:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ognjen\Local Settings\Application Data\d644cf95
[2012.01.22 00:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2012.01.22 00:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xvid
[2012.01.22 00:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ognjen\Local Settings\Application Data\ClickPotatoLiteSA
[2011.12.04 13:53:46 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabtppm.dll
[2011.12.04 13:25:43 | 000,401,408 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2010.09.29 11:21:43 | 000,303,616 | ---- | C] ( ) -- C:\WINDOWS\SetACL.exe
[2008.03.29 16:59:39 | 000,227,022 | ---- | C] ( ) -- C:\WINDOWS\System32\runsoft.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.17 02:58:43 | 000,000,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012.02.17 02:57:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.17 02:52:00 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1003UA.job
[2012.02.17 02:01:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.02.17 01:45:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.02.16 22:52:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1003Core.job
[2012.02.16 16:13:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 16:48:05 | 000,000,030 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012.02.14 01:28:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\milica..
[2012.02.14 01:28:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\milica
[2012.02.13 03:46:47 | 000,040,442 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\djetelina.jpg
[2012.02.10 12:07:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.09 16:32:24 | 000,129,024 | ---- | M] () -- C:\Documents and Settings\Ognjen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.07 01:38:38 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\crnaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.jpg
[2012.02.04 23:53:57 | 000,067,915 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\ffffff.JPG
[2012.02.04 23:49:44 | 000,069,756 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\431348_311910672177303_100000751188751_785570_1514920229_n.jpg
[2012.02.04 23:47:30 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\ccccc.jpg
[2012.02.04 23:45:44 | 000,006,002 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\totodile.jpeg
[2012.02.04 21:14:15 | 000,005,720 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\sdssss.jpg
[2012.01.28 15:12:10 | 000,019,014 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\kasper.jpg
[2012.01.24 23:41:08 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Ognjen\Desktop\Google Chrome.lnk
[2012.01.24 23:41:08 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Ognjen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.01.22 14:55:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012.01.22 00:48:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\0fc37b3e70e8aedcc575811b9bc46dd6_c
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.17 02:58:39 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012.02.17 02:55:32 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.02.17 01:45:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.02.17 01:45:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.02.17 01:42:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.02.17 01:42:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.02.17 01:42:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.02.17 01:42:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.16 16:13:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 16:48:05 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.02.14 01:28:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\milica..
[2012.02.14 01:28:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\milica
[2012.02.13 03:46:54 | 000,040,442 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\djetelina.jpg
[2012.02.07 01:38:37 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\crnaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.jpg
[2012.02.04 23:53:57 | 000,067,915 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\ffffff.JPG
[2012.02.04 23:49:44 | 000,069,756 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\431348_311910672177303_100000751188751_785570_1514920229_n.jpg
[2012.02.04 23:47:30 | 000,002,572 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\ccccc.jpg
[2012.02.04 23:45:43 | 000,006,002 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\totodile.jpeg
[2012.02.04 21:14:14 | 000,005,720 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\sdssss.jpg
[2012.01.28 15:12:09 | 000,019,014 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\kasper.jpg
[2012.01.22 00:52:23 | 000,152,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2012.01.22 00:48:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0fc37b3e70e8aedcc575811b9bc46dd6_c
[2011.12.04 13:25:43 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMABB2DD.ini
[2011.10.23 15:35:59 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.10.23 15:35:59 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.10.23 15:35:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.10.23 15:35:37 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011.09.15 22:51:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.01.15 19:13:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009.01.15 19:11:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.01.09 20:21:23 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.12.27 19:14:20 | 000,000,000 | R-S- | C] () -- C:\WINDOWS\System32\xbox.dll
[2008.04.17 15:32:07 | 000,029,203 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008.04.03 10:23:22 | 000,129,024 | ---- | C] () -- C:\Documents and Settings\Ognjen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.01 17:52:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.03.29 21:50:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.03.29 21:48:12 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.03.29 17:03:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.03.29 17:03:35 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.03.29 17:03:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.03.29 17:03:32 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.03.29 17:02:50 | 000,033,576 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2008.03.29 17:02:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.03.29 15:52:16 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008.03.29 15:52:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.03.29 15:52:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.03.29 15:52:10 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008.03.29 15:52:10 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.03.29 15:52:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.03.29 15:52:06 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.03.29 15:52:05 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.03.29 15:51:52 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008.03.29 15:51:13 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008.03.29 15:26:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.03.29 14:11:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.03.29 14:07:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.04 00:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 14:00:00 | 000,392,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 14:00:00 | 000,058,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012.01.12 13:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011.12.04 13:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2009.11.08 21:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2011.12.04 13:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011.06.26 22:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2012.01.12 13:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\Babylon
[2012.02.13 17:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\Big Fish Games
[2011.06.26 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\calibre
[2009.04.28 16:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.02.09 11:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\Design Science
[2009.04.20 15:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\Dev-Cpp
[2011.10.11 07:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\GameRanger
[2008.07.31 11:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\Leadertech
[2012.02.17 02:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\LimeWire
[2011.06.26 22:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\Softland
[2011.05.27 12:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\Sports Interactive
[2012.02.16 18:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ognjen\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.03.29 21:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.03.29 21:47:18 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.03.29 21:47:18 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2011.11.14 14:14:56 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2008.03.29 14:09:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008.03.29 14:05:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012.02.17 01:45:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004.08.03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012.02.17 02:20:01 | 000,018,951 | ---- | M] () -- C:\ComboFix.txt
[2008.03.29 14:09:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008.03.29 14:09:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.03.29 14:09:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004.08.03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004.08.03 21:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012.02.17 02:57:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[1996.09.16 02:00:00 | 000,202,240 | ---- | M] (DreamWorks Interactive) -- C:\setup95.exe
[2009.09.17 10:52:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009.09.17 15:48:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009.09.17 22:56:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009.09.18 19:28:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009.09.18 19:54:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009.09.13 22:13:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009.09.14 10:31:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009.09.14 19:30:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009.09.14 20:00:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009.09.14 21:02:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009.09.15 08:29:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009.09.15 09:49:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009.09.15 18:18:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009.09.15 19:33:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009.09.15 20:37:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009.09.15 23:03:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009.09.16 17:40:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009.09.16 20:46:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009.09.16 22:13:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009.09.16 23:01:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009.09.17 10:52:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009.09.17 15:48:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009.09.17 22:56:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009.09.18 19:28:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009.09.18 19:54:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009.09.13 22:13:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009.09.14 10:31:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009.09.14 19:30:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009.09.14 20:00:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009.09.14 21:02:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009.09.15 08:29:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009.09.15 09:49:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009.09.15 18:18:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009.09.15 19:33:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009.09.15 20:37:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009.09.15 23:03:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009.09.16 17:40:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009.09.16 20:46:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009.09.16 22:13:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009.09.16 23:01:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2012.02.17 01:18:51 | 000,045,832 | ---- | M] () -- C:\TDSSKiller.2.7.13.0_17.02.2012_01.17.50_log.txt
[2012.02.17 02:14:05 | 000,043,682 | ---- | M] () -- C:\TDSSKiller.2.7.13.0_17.02.2012_02.13.49_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004.08.03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004.08.03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2004.08.03 23:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\ERDNT\cache\user32.dll
[2004.08.03 23:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\dllcache\user32.dll
[2004.08.03 23:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll

< MD5 for: WS2_32.DLL >
[2004.08.03 23:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.03 23:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.03 23:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 935916 bytes -> C:\WINDOWS\Temp:temp

< End of report >
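
The "< MD5 for: ... >" blocks near the end of the report are OTL's integrity check: it hashes each listed system file wherever a copy exists (the live copy in system32 or system32\drivers, the dllcache copy, the ERDNT\cache backup) so that a copy patched on disk stands out because its hash no longer matches the others. As an added example that is not part of the original post and not OTL's own code, here is a small Python parser that reads those blocks and reports any copy whose MD5 disagrees with the majority. It runs on two blocks of sample text: the ATAPI.SYS block in the format shown above (all hashed copies agree, and the .cab copy carries no hash) and a constructed FAKEDRV.SYS block with made-up hashes to show what a patched live copy looks like. The file name, paths and hashes in that second block are invented for the demonstration.

```python
"""Check the '< MD5 for: NAME >' blocks of an OTL report.

OTL hashes each listed system file wherever a copy exists (the live file in
system32 or system32\\drivers, the dllcache copy, the ERDNT\\cache backup) so
that a copy patched on disk stands out by its hash. This parser is an added
example, not OTL code: it reads those blocks and returns every copy whose MD5
disagrees with the other copies of the same file.
"""
import re
from collections import Counter, defaultdict

# Section header, e.g.  < MD5 for: ATAPI.SYS >
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")

# One OTL file line, e.g.
# [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE... -- C:\WINDOWS\system32\drivers\atapi.sys
# Copies inside a .cab carry no MD5 and are marked ".cab file" instead.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>\w)\] "
    r"\((?P<company>.*?)\)"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))?"
    r"(?P<cab> \.cab file)?"
    r" -- (?P<path>.+)$"
)


def parse_md5_blocks(text):
    """Map each file name (upper-cased) to the list of copies OTL reported."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if not line or line.startswith("<") or line.startswith("="):
            current = None  # a blank line or another section ends the block
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["md5"] = entry["md5"].upper() if entry["md5"] else None
        entry["in_cab"] = entry.pop("cab") is not None
        blocks[current].append(entry)
    return dict(blocks)


def find_mismatches(blocks):
    """Return one finding per copy whose MD5 differs from the majority hash.

    same_size=True means the odd copy has exactly the length of the agreeing
    copies, i.e. the file body was patched in place rather than replaced by
    a different version; that is the case this check exists to surface.
    Unhashed .cab copies are ignored.
    """
    findings = []
    for name, entries in blocks.items():
        hashed = [e for e in entries if e["md5"]]
        if len(hashed) < 2:
            continue  # a single hashed copy has nothing to be compared with
        counts = Counter(e["md5"] for e in hashed)
        if len(counts) == 1:
            continue  # all copies agree
        majority_md5 = counts.most_common(1)[0][0]
        majority_size = next(e["size"] for e in hashed if e["md5"] == majority_md5)
        for e in hashed:
            if e["md5"] != majority_md5:
                findings.append({
                    "file": name,
                    "path": e["path"],
                    "md5": e["md5"],
                    "expected_md5": majority_md5,
                    "company": e["company"],
                    "same_size": e["size"] == majority_size,
                })
    return findings


# Sample input. The ATAPI.SYS block follows the report format above; the
# FAKEDRV.SYS block is constructed, with made-up hashes and paths, to show a
# patched live copy whose size still matches the two clean backups.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: FAKEDRV.SYS >
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=0F1E2D3C4B5A69788796A5B4C3D2E1F0 -- C:\WINDOWS\ERDNT\cache\fakedrv.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=0F1E2D3C4B5A69788796A5B4C3D2E1F0 -- C:\WINDOWS\system32\dllcache\fakedrv.sys
[2012.02.11 13:02:00 | 000,095,360 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\drivers\fakedrv.sys

< %systemroot%\*. /mp /s >
"""

if __name__ == "__main__":
    for f in find_mismatches(parse_md5_blocks(SAMPLE_LOG)):
        tag = "patched in place?" if f["same_size"] else "different version?"
        print(f"{f['file']}: {f['path']} MD5={f['md5']} (others {f['expected_md5']}) {tag}")
```

Feed it a whole saved OTL.txt and it will ignore every other section; only the MD5 blocks are parsed. A copy with a matching size but a different hash is the pattern worth a second look, since a legitimate update normally changes the file length as well.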


#2 Conspire
  • Malware Response Team
  • 1,155 posts
  • Gender:Male
Posted 18 February 2012 - 12:05 PM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days. :)


Hello there, olja

I'm Conspire, and I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

I'd like to take a further look at your system. Please run GMER for me and post the log in your next reply.

Also tell me what steps you have taken to disinfect your machine.

---------------------------------------------------------------------------------------------------

  • Please download GMER from one of the following locations, and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zip Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Extract the contents of the zipped file to desktop (applicable only to Zip mirror) .
  • Double click the downloaded GMER file on your desktop.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 olja
  • Topic Starter
  • Members
  • 10 posts

Posted 19 February 2012 - 08:04 AM

Thank you.

Attached Files

  • Attached File  Gmer.txt   111.75KB   4 downloads


#4 Conspire
  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 19 February 2012 - 08:08 AM

Please provide Combofix log located in C:\ComboFix.txt

Also please tell me what steps you have taken to get rid of the problem.

#5 olja
  • Topic Starter
  • Members
  • 10 posts

Posted 19 February 2012 - 10:41 AM

I have not taken any steps except scanning my hard drives with Avast and Malwarebytes, and StopZilla (as I have mentioned).

Attached Files



#6 Conspire
  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 19 February 2012 - 11:19 PM

I need to see the rest of the CF logs so that I can track down what it has done in the past. Please copy/paste those logs in your next reply.

C:\qoobox\ComboFix-quarantined-files.txt
C:\qoobox\ComboFix2.txt
C:\qoobox\ComboFix3.txt

#7 olja
  • Topic Starter
  • Members
  • 10 posts

Posted 20 February 2012 - 07:48 AM

Here they are.

Attached Files



#8 Conspire
  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 20 February 2012 - 08:46 AM

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE.

Rootkit::
C:\## aswSnx private storage

Firefox::
FF - ProfilePath - c:\documents and settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\
FF - prefs.js: keyword.URL -


In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse's left button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon.

This will start ComboFix again. Close all browser windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


#9 olja
  • Topic Starter
  • Members
  • 10 posts

Posted 20 February 2012 - 01:53 PM

What do you mean by "follow all previous instructions regarding security programs"? Do you mean I should send you another GMER report and ComboFix report, or something else?

#10 Conspire
  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 20 February 2012 - 08:57 PM

No, I mean follow the instructions on temporarily disabling security programs from my initial post about CF.

That is, disable your security programs before running CF, and post (do not attach) the CF log in your next reply.

#11 olja
  • Topic Starter
  • Members
  • 10 posts

Posted 21 February 2012 - 08:15 AM

ComboFix 12-02-16.02 - Ognjen 21.02.2012 14:01:51.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1551 [GMT 1:00]
Running from: c:\documents and settings\Ognjen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ognjen\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-17 13:06 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-17 13:06 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-17 13:06 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-17 13:06 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-17 13:06 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-17 13:06 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-17 13:06 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-17 13:06 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-17 13:06 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-17 13:06 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-17 13:06 . 2012-02-17 13:06 -------- d-----w- c:\program files\AVAST Software
2012-02-17 13:06 . 2012-02-17 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-02-17 01:55 . 2010-11-03 17:15 359016 ----a-w- c:\windows\vncutil.exe
2012-02-17 01:55 . 2011-12-12 16:20 64616 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-02-17 01:55 . 2011-11-22 15:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-02-17 01:55 . 2010-11-03 17:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2012-02-17 01:55 . 2011-11-24 10:37 21736 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-02-17 01:55 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2012-02-17 01:55 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2012-02-17 00:18 . 2012-02-17 00:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-16 16:22 . 2012-02-16 16:22 -------- d-----w- c:\program files\Common Files\iS3
2012-02-16 15:13 . 2012-02-16 15:13 -------- d-----w- c:\documents and settings\Ognjen\Application Data\Malwarebytes
2012-02-16 15:13 . 2012-02-16 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-16 15:13 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 15:13 . 2012-02-16 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-15 15:48 . 1996-09-16 01:00 202240 ----a-w- C:\setup95.exe
2012-02-13 15:28 . 2012-02-13 16:49 -------- d-----w- c:\documents and settings\Ognjen\Application Data\Big Fish Games
2012-02-11 13:02 . 2012-02-17 00:58 -------- d-sh--w- c:\documents and settings\Ognjen\Local Settings\Application Data\d644cf95
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 00:19 . 2004-08-03 21:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-08 11:44 . 2012-01-08 11:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-13 17:27 . 2008-03-29 14:25 7069288 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-12-13 10:01 . 2008-03-29 14:25 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-12-05 14:49 . 2008-03-29 14:25 20065384 ----a-w- c:\windows\RTHDCPL.EXE
2012-02-18 14:41 . 2011-06-01 19:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-19_15.31.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-21 13:09 . 2012-02-21 13:09 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-12-09 736120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Ognjen\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-22 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 18:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Starcraft\\starcraft.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Ognjen\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Documents and Settings\\Ognjen\\Desktop\\Filip\\CS 1.6 v42 FULL\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Documents and Settings\\Ognjen\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\The KMPlayer\\KMPlayer.exe"=
"c:\\Documents and Settings\\Ognjen\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.2.2012 14:06 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.2.2012 14:06 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22.12.2008 11:06 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22.12.2008 11:05 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [19.10.2011 7:52 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.2.2012 14:06 20568]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9.9.2009 9:25 234888]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.2.2012 2:55 1691480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22.12.2008 11:06 12872]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
lwwlicenseservice
buslogic
infrastructure
S7oppilx
se58mdm
Maplom
ikfileflt
s217obex
slip
szkg
SE27mdfl
idsvc
WGX
RMSvc
z800mdm
mssql$soshome22
TUWinStylerThemeSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1003Core.job
- c:\documents and settings\Ognjen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-04 09:52]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1003UA.job
- c:\documents and settings\Ognjen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-04 09:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z197&ocid=zdhp&install_date=20111204
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-21 14:09
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3660)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-02-21 14:12:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 13:12
ComboFix2.txt 2012-02-20 12:44
ComboFix3.txt 2012-02-19 15:34
ComboFix4.txt 2012-02-17 01:20
ComboFix5.txt 2012-02-21 11:15
.
Pre-Run: 12.451.577.856 bytes free
Post-Run: 12.438.622.208 bytes free
.
- - End Of File - - 2ECB6EC69DE6FDE47D87234F4B8BF8DD

#12 Conspire (Malware Response Team)

Posted 21 February 2012 - 09:02 PM

Hang on there, I will post instructions as soon as I can.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#13 Conspire (Malware Response Team)

Posted 22 February 2012 - 03:44 AM

Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\setup95.exe
    
    :Commands
    [EMPTYFLASH]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fix log as well as a new OTL log, produced by rerunning OTL after the reboot without the custom scan script.
===================================================

In your next reply, please post:
OTL fix log
Fresh OTL log
How is your machine running now?


Let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
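The helper in this thread reads the OTL and ComboFix logs by eye, looking for a handful of entry types: services still registered under svchost NetSvcs whose binary is gone ("File not found"), browser search and home-page settings pointing at toolbar or redirect hosts, Run entries with no publisher, and tampered .exe/.com shell-open associations. As an added example that is not part of the thread and not OldTimer's own code, the Python script below parses constructed lines modeled on the OTL format shown on this page and pulls out exactly those entries. The sample text, the KNOWN_GOOD_HOSTS allowlist and the function names are assumptions made for the example; a host outside the allowlist is reported for review, not declared malicious.

```python
import re
from urllib.parse import urlsplit

# Constructed sample text modeled on the OTL log format used in this thread;
# it is not a verbatim copy of any post and mixes lines from several sections.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (slip)
SRV - File not found [Auto | Stopped] -- -- (mssql$soshome22)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

========== FireFox ==========

FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&keywords={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z197&ocid=zdhp&install_date=20111204"

========== Chrome ==========

CHR - default_search_provider: search_url = http://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={searchTerms}

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
"""

# Assumption: hosts an analyst would accept as a default search engine or
# home page without comment. Everything else is surfaced for a human look.
KNOWN_GOOD_HOSTS = ("google.com", "bing.com", "yahoo.com", "msn.com", "duckduckgo.com")

# One pattern per OTL line type we care about.
ORPHAN_SVC = re.compile(r"^SRV - File not found \[.*?\] -- -- \((?P<name>.+)\)$")
FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<val>[^"]*)"$')
CHR_SEARCH = re.compile(r"^CHR - default_search_provider: search_url = (?P<val>\S+)$")
RUN_ENTRY = re.compile(r"^O4 - .*?\[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
SHELL_OPEN = re.compile(r"^O3[57] - HKLM\\\.{2,3}(?P<ext>\w+) .*? -- (?P<cmd>.+)$")
EXPECTED_OPEN_CMD = '"%1" %*'  # stock open command for exefile/comfile


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_known_good(host):
    """True if host is one of the allowlisted domains or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in KNOWN_GOOD_HOSTS)


def triage_otl(text):
    """Return the entries a responder would check first in an OTL log."""
    findings = {
        "orphan_services": [],      # service names with no binary on disk
        "search_redirects": [],     # (browser, setting, host) outside the allowlist
        "unsigned_run": [],         # (name, path) Run entries with an empty company field
        "shell_open_tampered": [],  # (ext, command) where exe/com open is not "%1" %*
    }
    for raw in text.splitlines():
        line = raw.strip()
        m = ORPHAN_SVC.match(line)
        if m:
            findings["orphan_services"].append(m["name"])
            continue
        m = FF_PREF.match(line)
        if m:
            pref, val = m["pref"], m["val"]
            # Only search-engine and home-page prefs that carry a URL are interesting here.
            if ("search" in pref or pref.endswith("startup.homepage")) and val.startswith("http"):
                host = host_of(val)
                if not is_known_good(host):
                    findings["search_redirects"].append(("Firefox", pref, host))
            continue
        m = CHR_SEARCH.match(line)
        if m:
            host = host_of(m["val"])
            if not is_known_good(host):
                findings["search_redirects"].append(("Chrome", "default_search_provider", host))
            continue
        m = RUN_ENTRY.match(line)
        if m:
            # OTL prints the file's company name in trailing parentheses; "()" means none.
            if not m["company"].strip():
                findings["unsigned_run"].append((m["name"], m["path"]))
            continue
        m = SHELL_OPEN.match(line)
        if m and m["cmd"] != EXPECTED_OPEN_CMD:
            findings["shell_open_tampered"].append((m["ext"], m["cmd"]))
    return findings


if __name__ == "__main__":
    for key, items in triage_otl(SAMPLE_OTL).items():
        print(key)
        for item in items:
            print("  ", item)
```

Run against the sample, the script reports the two orphaned services, the Firefox search engine on mp3tubetoolbar.com and the Chrome search provider on www.basicscan.com, and the Winamp agent as the only Run entry without a publisher; the msn.com home page and the stock "%1" %* open commands pass. Orphaned service names are worth keeping even after the binary is gone, because the registry entries are what a later fix script would need to remove.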

#14 olja (Topic Starter)

Posted 22 February 2012 - 10:27 AM

Here is the OTL fix log.

All processes killed
========== FILES ==========
C:\setup95.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 405 bytes

User: NetworkService

User: Ognjen
->Flash cache emptied: 3291593 bytes

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 4227206 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Ognjen
->Temp folder emptied: 709215 bytes
->Temporary Internet Files folder emptied: 5444208 bytes
->Java cache emptied: 4981297 bytes
->FireFox cache emptied: 264749658 bytes
->Google Chrome cache emptied: 142460779 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 405,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.32.0 log created on 02222012_160127

Files\Folders moved on Reboot...
C:\Documents and Settings\Ognjen\Local Settings\Temporary Internet Files\Content.IE5\Z32AN5WJ\background-banner-right-v9[1].jpg moved successfully.
C:\Documents and Settings\Ognjen\Local Settings\Temporary Internet Files\Content.IE5\Z32AN5WJ\background_button_green_full[1].png moved successfully.
C:\Documents and Settings\Ognjen\Local Settings\Temporary Internet Files\Content.IE5\UGH6V36U\background-banner-middle-v9[1].jpg moved successfully.
C:\Documents and Settings\Ognjen\Local Settings\Temporary Internet Files\Content.IE5\UGH6V36U\background_banner_green_50_v9[1].jpg moved successfully.
C:\Documents and Settings\Ognjen\Local Settings\Temporary Internet Files\Content.IE5\CS7JYRTN\list-item-plus[1].png moved successfully.

Registry entries deleted on Reboot...

Here is the fresh OTL log. (I have just run OTL and Run Scan.)

OTL logfile created on: 22.2.2012 16:10:09 - Run 2
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\Ognjen\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000181A | Country: Bosnia and Herzegovina | Language: SRS | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,11% Memory free
3,85 Gb Paging File | 3,50 Gb Available in Paging File | 91,07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 9,95 Gb Free Space | 8,54% Space Free | Partition Type: NTFS
Drive D: | 116,44 Gb Total Space | 26,38 Gb Free Space | 22,66% Space Free | Partition Type: NTFS

Computer Name: OGNJEN-1C392CC2 | User Name: Ognjen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.18 15:41:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.17 03:41:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ognjen\My Documents\Downloads\OTL.exe
PRC - [2011.12.09 17:50:32 | 000,736,120 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.10.22 18:35:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010.04.12 09:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007.10.10 06:28:32 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2004.08.03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.21 22:39:11 | 001,714,176 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022101\algo.dll
MOD - [2012.02.18 15:41:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007.10.10 06:28:32 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2007.06.29 00:43:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (slip)
SRV - File not found [Auto | Stopped] -- -- (mssql$soshome22)
SRV - File not found [Auto | Stopped] -- -- (lwwlicenseservice)
SRV - File not found [Auto | Stopped] -- -- (infrastructure)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.10.22 18:35:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2009.04.02 11:47:04 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)


========== Driver Services (SafeList) ==========

DRV - [2011.12.13 18:27:30 | 007,069,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.10.22 18:35:04 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.10.22 18:35:03 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.10.19 07:52:32 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010.04.12 09:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.12.30 21:39:49 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007.03.01 09:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=d62e9c82ea354f8b95950f43f865a1c8&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z197&ocid=zdhp&install_date=20111204"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: mil@toolbar:1.0.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.17 14:06:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 15:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.12 16:23:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Documents and Settings\Ognjen\Local Settings\Application Data\ClickPotatoLiteSA\bin\12.0.15.0\firefox\extensions [2012.01.22 00:46:49 | 000,000,000 | ---D | M]

[2009.08.09 22:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Extensions
[2009.08.09 22:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012.01.13 00:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\extensions
[2010.08.28 17:21:37 | 000,000,000 | ---D | M] (MakeItLive) -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\extensions\mil@toolbar
[2009.09.09 10:49:49 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\searchplugins\ask.xml
[2012.02.16 12:03:19 | 000,001,211 | ---- | M] () -- C:\Documents and Settings\Ognjen\Application Data\Mozilla\Firefox\Profiles\tg22nlm3.default\searchplugins\Mp3Tube.xml
[2012.02.16 17:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.08.04 10:34:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.02.18 15:41:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.04 10:34:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.02.04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012.01.12 13:56:05 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.02 02:12:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 18:06:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011.10.08 08:44:17 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.02 02:12:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: BasicScan (Enabled)
CHR - default_search_provider: search_url = http://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\
CHR - Extension: AT_Rampage_v2 = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3\
CHR - Extension: Google \u043F\u0440\u0435\u0442\u0440\u0430\u0433\u0430 = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ognjen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.02.21 14:09:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] c:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Ognjen\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{327AC182-832E-4047-A536-39D5BDA7EB07}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Ognjen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ognjen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.29 14:09:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.22 16:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ognjen\Start Menu\Programs\CyberLink PowerDVD
[2012.02.22 16:02:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.02.22 16:01:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.21 15:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ognjen\Desktop\usb
[2012.02.19 16:21:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.02.19 16:21:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.02.19 16:21:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.02.18 14:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ognjen\Desktop\pics
[2012.02.17 14:06:34 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.02.17 14:06:34 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.02.17 14:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012.02.17 14:06:32 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.02.17 14:06:32 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.02.17 14:06:31 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.02.17 14:06:30 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.02.17 14:06:30 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.02.17 14:06:30 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.02.17 14:06:19 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.02.17 14:06:19 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.02.17 14:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.02.17 14:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012.02.17 02:55:37 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012.02.17 02:55:35 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012.02.17 02:55:35 | 000,064,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstIIXP.dll
[2012.02.17 02:55:35 | 000,011,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoLDRXP.dll
[2012.02.17 02:55:31 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2012.02.17 02:55:30 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012.02.17 01:45:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.02.17 01:42:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.02.17 01:42:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.02.17 01:32:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.17 01:27:30 | 004,406,022 | R--- | C] (Swearware) -- C:\Documents and Settings\Ognjen\Desktop\ComboFix.exe
[2012.02.17 01:18:26 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.02.16 17:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012.02.16 16:13:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ognjen\Application Data\Malwarebytes
[2012.02.16 16:13:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.02.16 16:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.16 16:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.02.16 16:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.13 16:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ognjen\Application Data\Big Fish Games
[2012.02.11 14:02:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ognjen\Local Settings\Application Data\d644cf95
[2011.12.04 13:53:46 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lmabtppm.dll
[2011.12.04 13:25:43 | 000,401,408 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2010.09.29 11:21:43 | 000,303,616 | ---- | C] ( ) -- C:\WINDOWS\SetACL.exe
[2008.03.29 16:59:39 | 000,227,022 | ---- | C] ( ) -- C:\WINDOWS\System32\runsoft.exe

========== Files - Modified Within 30 Days ==========

[2012.02.22 16:05:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.22 15:52:00 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1003UA.job
[2012.02.21 22:52:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-706699826-839522115-1003Core.job
[2012.02.21 14:09:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.02.21 00:30:33 | 000,129,024 | ---- | M] () -- C:\Documents and Settings\Ognjen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.20 01:33:57 | 000,046,709 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\pandaaaaaaaaaaaaa.jpg
[2012.02.18 18:54:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ognjen\Desktop\pmtpp2pv.exe
[2012.02.17 14:06:34 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012.02.17 14:06:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.02.17 12:54:38 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Ognjen\Desktop\Google Chrome.lnk
[2012.02.17 12:54:38 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Ognjen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.02.17 02:58:43 | 000,000,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012.02.17 01:45:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.02.17 01:28:52 | 004,406,022 | R--- | M] (Swearware) -- C:\Documents and Settings\Ognjen\Desktop\ComboFix.exe
[2012.02.16 16:13:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 22:28:23 | 000,230,598 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\brm.jpg
[2012.02.15 16:48:05 | 000,000,030 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012.02.14 01:28:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\milica..
[2012.02.14 01:28:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\milica
[2012.02.13 03:46:47 | 000,040,442 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\djetelina.jpg
[2012.02.10 12:07:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.07 01:38:38 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\crnaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.jpg
[2012.02.04 23:53:57 | 000,067,915 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\ffffff.JPG
[2012.02.04 23:49:44 | 000,069,756 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\431348_311910672177303_100000751188751_785570_1514920229_n.jpg
[2012.02.04 23:47:30 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\ccccc.jpg
[2012.02.04 23:45:44 | 000,006,002 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\totodile.jpeg
[2012.02.04 21:14:15 | 000,005,720 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\sdssss.jpg
[2012.01.28 15:12:10 | 000,019,014 | ---- | M] () -- C:\Documents and Settings\Ognjen\My Documents\kasper.jpg

========== Files Created - No Company Name ==========

[2012.02.20 01:33:56 | 000,046,709 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\pandaaaaaaaaaaaaa.jpg
[2012.02.19 16:21:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.02.18 18:54:00 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ognjen\Desktop\pmtpp2pv.exe
[2012.02.17 14:06:34 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012.02.17 02:58:39 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012.02.17 02:55:32 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.02.17 01:45:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.02.17 01:45:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.02.17 01:42:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.02.17 01:42:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.02.17 01:42:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.02.17 01:42:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.16 16:13:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 22:28:13 | 000,230,598 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\brm.jpg
[2012.02.15 16:48:05 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.02.14 01:28:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\milica..
[2012.02.14 01:28:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\milica
[2012.02.13 03:46:54 | 000,040,442 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\djetelina.jpg
[2012.02.07 01:38:37 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\crnaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.jpg
[2012.02.04 23:53:57 | 000,067,915 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\ffffff.JPG
[2012.02.04 23:49:44 | 000,069,756 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\431348_311910672177303_100000751188751_785570_1514920229_n.jpg
[2012.02.04 23:47:30 | 000,002,572 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\ccccc.jpg
[2012.02.04 23:45:43 | 000,006,002 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\totodile.jpeg
[2012.02.04 21:14:14 | 000,005,720 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\sdssss.jpg
[2012.01.28 15:12:09 | 000,019,014 | ---- | C] () -- C:\Documents and Settings\Ognjen\My Documents\kasper.jpg
[2012.01.22 00:48:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0fc37b3e70e8aedcc575811b9bc46dd6_c
[2011.12.04 13:25:43 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMABB2DD.ini
[2011.10.23 15:35:59 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.10.23 15:35:59 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.10.23 15:35:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.10.23 15:35:37 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011.09.15 22:51:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.01.15 19:13:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009.01.15 19:11:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.01.09 20:21:23 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.12.27 19:14:20 | 000,000,000 | R-S- | C] () -- C:\WINDOWS\System32\xbox.dll
[2008.04.17 15:32:07 | 000,029,203 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008.04.03 10:23:22 | 000,129,024 | ---- | C] () -- C:\Documents and Settings\Ognjen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.01 17:52:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.03.29 21:50:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.03.29 21:48:12 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.03.29 17:03:35 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.03.29 17:03:35 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.03.29 17:03:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.03.29 17:03:32 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.03.29 17:02:50 | 000,033,576 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2008.03.29 17:02:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.03.29 15:52:16 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008.03.29 15:52:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.03.29 15:52:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.03.29 15:52:10 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2008.03.29 15:52:10 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.03.29 15:52:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.03.29 15:52:06 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.03.29 15:52:05 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.03.29 15:51:52 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008.03.29 15:51:13 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008.03.29 15:26:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.03.29 14:11:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.03.29 14:07:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.04 00:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 14:00:00 | 000,392,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 14:00:00 | 000,058,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 935916 bytes -> C:\WINDOWS\Temp:temp

< End of report >

My machine is running fine except for one thing. When I started having trouble with viruses, the sound was gone; the speakers are OK, the drivers also. I thought that the viruses were responsible for that, but I still have no sound. Sorry for my bad English.

#15 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender: Male

Posted 22 February 2012 - 09:15 PM

OK, can you navigate to Start > Right-click My Computer > Select Properties > Device Manager

Check if there is any yellow exclamation sign in there. It would be best if you could provide a screenshot.

Feel free to ask if you have any questions. :)
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.