
Combofix can't start.


  • This topic is locked
21 replies to this topic

#1 jbradvi9

jbradvi9

  • Members
  • 140 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 26 November 2012 - 04:05 AM

I have a problem with a trojan infection. Before, I could start Combofix and the application passed through all its stages and removed some files, so the PC became more responsive. Now the new infection is so intense that the Combofix window disappears just after backing up the registry has finished.



#2 jbradvi9

jbradvi9
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 26 November 2012 - 04:06 AM

The first log file: ComboFix2.txt



ComboFix 12-09-27.03 - Administrator 27.09.2012 20:19:25.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.502.232 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\abc.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 12:25 . 2012-06-22 09:39 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-09-27 12:25 . 2012-06-22 09:39 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-09-27 12:25 . 2012-06-22 09:39 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-09-27 12:25 . 2012-06-22 09:39 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-09-27 12:25 . 2012-06-22 09:38 767960 ----a-w- c:\windows\BDTSupport.dll
2012-09-27 12:21 . 2012-06-22 13:29 254944 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-09-27 12:20 . 2012-06-22 13:33 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-09-27 12:20 . 2012-06-22 13:35 70568 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-09-27 12:20 . 2012-09-27 12:20 -------- d-----w- c:\program files\PC Tools
2012-09-27 11:58 . 2012-02-28 09:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-09-27 11:58 . 2012-02-28 09:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-09-27 11:58 . 2012-04-23 10:36 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-09-27 11:58 . 2012-04-23 10:36 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-09-27 11:58 . 2012-09-27 12:20 -------- d-----w- c:\program files\Common Files\PC Tools
2012-09-27 11:58 . 2012-06-22 13:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-27 11:57 . 2012-09-27 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-09-27 11:57 . 2012-09-27 11:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\TestApp
2012-09-27 10:18 . 2012-09-27 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus
2012-09-25 11:36 . 2012-09-25 11:36 -------- d-----w- C:\$WIN_NT$.~LS
2012-09-21 01:24 . 2012-09-21 01:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-09-21 01:17 . 2012-09-24 16:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\adaware
2012-09-21 01:16 . 2011-11-29 04:59 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-09-21 01:16 . 2011-11-29 04:59 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-09-21 01:16 . 2012-09-21 01:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-09-21 01:16 . 2012-09-24 16:12 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-09-21 01:16 . 2012-09-21 01:16 -------- d-----w- c:\windows\system32\drivers\VDD
2012-09-21 01:15 . 2012-09-21 01:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2012-09-21 01:12 . 2012-09-21 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-09-21 01:12 . 2012-09-21 01:12 -------- d-----w- c:\program files\Toolbar Cleaner
2012-09-21 01:12 . 2012-09-27 15:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\adawaretb
2012-09-21 01:12 . 2012-09-21 01:12 -------- d-----w- c:\program files\adawaretb
2012-09-21 01:08 . 2012-09-24 16:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ad-Aware Antivirus
2012-09-19 03:45 . 2012-09-19 03:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-19 01:59 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-19 01:59 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-19 01:59 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-19 01:59 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-19 01:59 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-19 01:59 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-19 01:59 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-19 01:59 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-19 01:58 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-19 01:58 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-19 01:57 . 2012-09-19 01:57 -------- d-----w- c:\program files\AVAST Software
2012-09-19 01:57 . 2012-09-19 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-09-18 00:49 . 2012-09-18 00:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\flamerobin
2012-09-18 00:49 . 2012-09-18 00:49 -------- d-----w- c:\program files\FlameRobin
2012-09-18 00:48 . 2009-07-22 15:46 450560 ----a-w- c:\windows\system32\GDS32.DLL
2012-09-18 00:48 . 2009-07-22 15:59 462848 ----a-w- c:\windows\system32\Firebird2Control.cpl
2012-09-18 00:48 . 2012-09-18 00:48 -------- d-----w- c:\program files\Firebird
2012-09-18 00:46 . 2012-09-18 00:49 -------- d-----w- c:\program files\TCASH4
2012-09-17 07:23 . 2012-09-17 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\RegRun
2012-09-17 07:23 . 2012-09-17 07:23 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-09-17 07:23 . 2012-09-17 07:23 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-09-17 07:23 . 2012-09-17 07:23 2 --shatr- c:\windows\winstart.bat
2012-09-17 07:23 . 2012-09-10 10:59 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-09-17 07:23 . 2012-09-17 07:25 -------- d-----w- c:\program files\UnHackMe
2012-09-17 07:02 . 2012-09-17 07:03 -------- d-----w- c:\program files\Resource Hacker
2012-09-14 23:51 . 2012-09-14 23:51 -------- d-----w- C:\$WINDOWS.~BT
2012-09-06 20:41 . 2012-09-06 20:41 -------- d-----w- c:\program files\Common Files\xing shared
2012-09-06 20:40 . 2012-09-06 20:41 -------- d-----w- c:\program files\Real
2012-09-03 13:57 . 2012-09-03 13:57 -------- d-----w- c:\program files\ID Security Suite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 06:30 . 2012-05-17 08:23 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 06:30 . 2012-05-17 08:23 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 06:28 . 2012-07-24 22:27 9573296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-06 23:14 . 2012-05-17 08:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-06 23:14 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-28 15:14 . 2007-09-03 15:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 01:07 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-09-03 15:57 385024 ----a-w- c:\windows\system32\html.iec
2012-07-09 03:14 . 2012-05-24 23:09 164880 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2012-07-04 14:05 . 2012-05-17 07:55 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2007-09-03 15:56 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-09-06 01:26 . 2012-09-19 03:45 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Pro"="0" [X]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2012-05-28 1494216]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 466704]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-05-19 6379928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-29 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-29 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-29 81920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"IPHider"="c:\program files\IP Hider\IP Hider.exe" [2009-01-06 1351680]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-06 296096]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
On-Screen Keyboard.lnk - c:\windows\system32\osk.exe [2007-9-3 215552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MimioStudio.lnk - c:\program files\mimio\MimioStudio\mimiosys.exe [2012-3-19 576104]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
@="[6cFgE][Ş?u?đ, ?i?eô ??? ga?e cő?ťř?l?e?š !!! !!! !]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
@="Portable Media Devices"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=2 (0x2)
"VMUSBArbService"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27.9.2012 13:58 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [27.9.2012 13:58 342168]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8.8.2011 14:58 98928]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [19.9.2012 3:59 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19.9.2012 3:59 355632]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [27.9.2012 13:58 203120]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [21.9.2012 3:16 21240]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [12.7.2012 18:32 1239952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19.9.2012 3:59 21256]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [18.9.2012 2:48 81920]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [21.9.2012 3:16 77816]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [29.8.2011 23:11 665200]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [30.5.2012 23:48 28256]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [18.9.2012 2:48 2736128]
S0 SMR300;Symantec SMR Utility Service 3.0.0;c:\windows\system32\drivers\SMR300.SYS --> c:\windows\system32\drivers\SMR300.SYS [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26.10.2011 14:23 101112]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [27.9.2012 14:25 575448]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [19.12.2011 13:20 3289032]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17.5.2012 10:23 250288]
S3 AIDA32Driver;AIDA32Driver;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\aida32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\aida32.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.5.2012 23:49 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [30.5.2012 23:48 28256]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\DarkSpyKernel.sys --> c:\windows\system32\DarkSpyKernel.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [19.9.2012 5:45 114144]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [27.9.2012 14:25 70768]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [27.9.2012 14:20 402368]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [4.8.2004 3:07 14336]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 16:32]
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 06:30]
.
2012-09-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-KORISNIK-PC-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-24 15:42]
.
2012-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-19 09:12]
.
2012-05-17 c:\windows\Tasks\ESET SmartSecurity 4 - licenca.job
- c:\program files\ESET\ESET SmartSecurity 4 - licenca.bat [2012-05-17 07:22]
.
2012-09-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-2146992855-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-09-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-2146992855-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-08-25 c:\windows\Tasks\tonegenShakeIcon.job
- c:\program files\NCH Software\ToneGen\tonegen.exe [2012-07-05 13:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8080
IE: I&zvoz u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxa048yu.default\
FF - prefs.js: browser.startup.homepage - www.google.hr
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-27 20:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-2146992855-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,c3,00,e4,9f,e4,a1,45,a5,ec,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,c3,00,e4,9f,e4,a1,45,a5,ec,ad,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,c3,00,e4,9f,e4,a1,45,a5,ec,ad,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(180)
c:\program files\SpeedBit Video Accelerator\SBLSP.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(1132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-09-27 20:37:04
ComboFix-quarantined-files.txt 2012-09-27 18:37
ComboFix2.txt 2012-09-27 16:18
ComboFix3.txt 2012-06-15 13:06
ComboFix4.txt 2012-06-14 14:28
.
Pre-Run: 77.860.909.056 bytes free
Post-Run: 78.355.243.008 bytes free
.
- - End Of File - - 8B3F1805616DD714342EBE5EB1E5A223

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:17 AM

Posted 28 November 2012 - 08:14 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#4 jbradvi9

jbradvi9
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 30 November 2012 - 10:54 AM

I am here, listening... (please help because it is a very bad thing)

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:17 AM

Posted 01 December 2012 - 07:30 AM

Okay, first uninstall Combofix using the uninstaller; the link is below:

http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE

Now run aswMBR.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#6 jbradvi9

jbradvi9
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 01 December 2012 - 02:39 PM

Here is the aswMBR.txt:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-01 14:27:26
-----------------------------
14:27:26.260 OS Version: Windows 5.1.2600 Service Pack 3
14:27:26.260 Number of processors: 1 586 0x1601
14:27:26.260 ComputerName: KORISNIK-PC UserName:
14:27:28.963 Initialize success
14:43:34.026 AVAST engine defs: 12113001
14:43:43.635 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:43:43.635 Disk 0 Vendor: WDC_WD2500JS-60MHB5 10.02E04 Size: 238475MB BusType: 3
14:43:43.745 Disk 0 MBR read successfully
14:43:43.745 Disk 0 MBR scan
14:43:43.995 Disk 0 Windows XP default MBR code
14:43:44.026 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
14:43:44.042 Disk 0 Partition - 00 0F Extended LBA 85855 MB offset 312560640
14:43:44.104 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 85855 MB offset 312560703
14:43:44.198 Disk 0 scanning sectors +488392065
14:43:44.354 Disk 0 scanning C:\windows\system32\drivers
14:44:39.510 Service scanning
14:45:16.573 Modules scanning
14:45:27.042 Disk 0 trace - called modules:
14:45:27.073 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:45:27.073 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d63ab8]
14:45:27.073 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89da4ba8]
14:45:27.073 5 PCTCore.sys[b9e2282d] -> nt!IofCallDriver -> \Device\0000007a[0x89d23f18]
14:45:27.088 7 ACPI.sys[b9f5f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d22940]
14:45:27.573 AVAST engine scan C:\windows
14:45:43.729 AVAST engine scan C:\windows\system32
14:53:45.135 AVAST engine scan C:\windows\system32\drivers
14:54:15.088 AVAST engine scan C:\Documents and Settings\Administrator
15:25:53.260 AVAST engine scan C:\Documents and Settings\All Users
15:30:06.885 Scan finished successfully
20:29:35.151 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
20:29:35.151 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:17 AM

Posted 01 December 2012 - 06:34 PM

No rootkits, so the Combofix fail is a mystery at this point.

Let's try a couple of good scanners and see if anything is here.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

m0le is a proud member of UNITE

#8 jbradvi9

jbradvi9
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 02 December 2012 - 07:54 AM

Look, some files were found, but I don't think it is really hiding in folders like My Documents or Downloads. In any case I deleted them, but the problem persists... (by the way, preventor.exe is a wipe disk utility downloaded from a trusted site, and windows-start-menu-vistart.exe a Windows 8 start menu enabling program downloaded from www.lee-soft.com/vistart/)

Here are the reports:

1. mbam-log-2012-12-02 (12-34-19).txt

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verzija baze podataka: v2012.12.01.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: KORISNIK-PC [administrator]

2.12.2012 2:28:20
mbam-log-2012-12-02 (12-34-19).txt

Tip provjere: Kompletna provjera (C:\|J:\|)
Opcije provjere omogućene: Memorija | Startup | Registri | Sistemske datoteke | Heurestika/Extra | Heurestika/Shuriken | PUP | PUM
Opcije provjere onemogućene: P2P
Provjereni objekti: 351907
Vrijeme trajanja: 5 sat(i), 20 minuta, 49 sekundi

Detektirani procesi u memoriji: 0
(Zloćudne stavke nisu otkrivene)

Detektirani moduli u memoriji: 0
(Zloćudne stavke nisu otkrivene)

Detektirani ključevi u registru: 0
(Zloćudne stavke nisu otkrivene)

Detektirani vrijednosti u registru: 0
(Zloćudne stavke nisu otkrivene)

Detektirani podaci u registru: 0
(Zloćudne stavke nisu otkrivene)

Detektirani direktoriji: 0
(Zloćudne stavke nisu otkrivene)

Detektirane datoteke: 6
C:\Documents and Settings\Administrator\My Documents\My Virtual Machines\Windows XP Professional\Shared vm map\windows-start-menu-vistart.exe (Adware.Bundler) -> Nije pokrenuta niti jedna akcija.
C:\Documents and Settings\Administrator\My Documents\Downloads\wik amp the fable of souls full version windows setup.exe (PUP.AdBundle) -> Nije pokrenuta niti jedna akcija.
C:\Documents and Settings\Administrator\My Documents\Downloads\windows-start-menu-vistart.exe (Adware.Bundler) -> Nije pokrenuta niti jedna akcija.
C:\Documents and Settings\Administrator\My Documents\Downloads\deep sjeng 3 x setup.exe (PUP.AdBundle) -> Nije pokrenuta niti jedna akcija.
C:\Program Files\Dr Preventor\DrPreventor.exe (Rogue.FakeMSE) -> Nije pokrenuta niti jedna akcija.
C:\Documents and Settings\Administrator\Application Data\msconfig.ini (Trojan.Agent) -> Nije pokrenuta niti jedna akcija.

(kraj)

2. SUPERAntiSpyware Scan Log - 12-02-2012 - 08-41-16.log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/02/2012 at 08:41 AM

Application Version : 5.6.1014

Core Rules Database Version : 9669
Trace Rules Database Version: 7481

Scan type : Complete Scan
Total Scan Time : 05:55:20

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 649
Memory threats detected : 0
Registry items scanned : 38665
Registry threats detected : 5
File items scanned : 65957
File threats detected : 1324

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Adware.Tracking Cookie
................
(report shortened to be able to post)

Trojan.Agent/Gen-Nebuler
ZIP ARCHIVE( C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ID_INSTALL_WATCH_3_5_SERIAL_KEYGEN_BY_VIKING.ZIP )/ID_INSTALL_WATCH_3_5_SERIAL_KEYGEN_BY_VIKING.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ID_INSTALL_WATCH_3_5_SERIAL_KEYGEN_BY_VIKING.ZIP

Trojan.Agent/Gen-Yoddos
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\PREUZIMANJA\HDAT2ISO_V49B1.EXE

Heur.Agent/Gen-WhiteBox
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\PREUZIMANJA\INSTALLER_HP_COMPAQ_DX2300_BIOS_1_08_REV__A_ENGLISH.EXE

Adware.InstallMate
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\PREUZIMANJA\OI_IPHIDEREXE.EXE

Trojan.Agent/Gen-Graftor
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\MY DOCUMENTS\PREUZIMANJA\SOUNDTAP STREAMING AUDIO RECORDER SETUP.EXE

PUP.BabylonToolbar
C:\PROGRAM FILES\BABYLONTOOLBAR\BABYLONTOOLBAR\1.5.3.17\BABYLONTOOLBARAPP.DLL
C:\PROGRAM FILES\BABYLONTOOLBAR\BABYLONTOOLBAR\1.5.3.17\BABYLONTOOLBARENG.DLL
C:\PROGRAM FILES\BABYLONTOOLBAR\BABYLONTOOLBAR\1.5.3.17\BABYLONTOOLBARSRV.EXE
C:\PROGRAM FILES\BABYLONTOOLBAR\BABYLONTOOLBAR\1.5.3.17\BABYLONTOOLBARTLBR.DLL
C:\PROGRAM FILES\BABYLONTOOLBAR\BABYLONTOOLBAR\1.5.3.17\BH\BABYLONTOOLBAR.DLL

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:17 AM

Posted 02 December 2012 - 05:35 PM

In any case I deleted them but the problem persists


I asked you to uninstall Combofix and so I cannot understand how you would know the problem with running Combofix is persisting?
m0le is a proud member of UNITE

#10 jbradvi9

jbradvi9
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:17 AM

Posted 02 December 2012 - 06:41 PM

I have problems on the PC that are:
1. Middle button click does not activate the scrolling cursor, or the cursor appears with about a 5-second delay.
2. Operating systems on the VMware Player virtual machine don't function properly (VMware Player not responding or blocking the PC if trying to edit its preferences when an OS is loaded, the cursor in VMware Player not responding every 2-3 seconds (XP) or slow system performance (Windows 8), and a long loading of every OS in VMware Player).
3. Audio problems with streaming media (rustling), not on every occasion.
4. Already loaded flash video gets stuck for a while every 5 sec.
5. Delay when moving a window.
6. Unforeseen freezes while opening maps or using task buttons or the scrollbar in Explorer.
7. Desktop or taskbar frozen for 2-5 min, etc...

I meant those problems (that's why I am trying to use Combofix). When you told me to uninstall it, I just uninstalled it without reinstalling it again.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:17 AM

Posted 03 December 2012 - 07:32 PM

The symptoms are, in the main, not typical of malware, but please run OTL and I'll take a deeper look.

  • Please download OTL
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.

m0le is a proud member of UNITE

#12 jbradvi9

jbradvi9
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:17 AM

Posted 04 December 2012 - 08:28 AM

OTL logfile created on: 4.12.2012 4:51:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,79% Memory free
3,83 Gb Paging File | 3,19 Gb Available in Paging File | 83,34% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 30,47 Gb Free Space | 20,45% Space Free | Partition Type: NTFS
Drive J: | 83,84 Gb Total Space | 43,24 Gb Free Space | 51,57% Space Free | Partition Type: NTFS

Computer Name: KORISNIK-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.04 03:05:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL (3).exe
PRC - [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 00:14:10 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.08.25 21:27:58 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012.07.12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.07.12 17:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012.05.28 01:06:54 | 000,265,928 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2012.04.30 20:04:58 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2012.04.30 20:04:44 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2012.04.30 16:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2012.04.19 04:57:44 | 000,336,952 | ---- | M] (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011.12.19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011.10.21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.08.29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.07.13 21:14:52 | 000,311,664 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\Education Software\UCService.exe
PRC - [2011.07.13 21:14:40 | 001,761,136 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.07.22 16:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009.07.22 16:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2008.12.04 12:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.04.14 04:42:32 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
PRC - [2008.04.14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.14 15:50:30 | 001,556,480 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
PRC - [2007.01.19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2004.08.04 02:07:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.28 04:43:17 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012.11.28 04:43:15 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012.11.28 04:42:22 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012.11.28 04:42:21 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012.11.28 04:42:21 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012.11.04 01:28:23 | 000,948,128 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtNetwork4.dll
MOD - [2012.11.04 01:28:22 | 008,266,656 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtGui4.dll
MOD - [2012.11.04 01:28:21 | 002,296,736 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_x-ww_b2691301\QtCore4.dll
MOD - [2012.09.25 15:07:36 | 000,165,768 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2012.09.25 15:07:34 | 000,190,344 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2012.04.30 20:04:40 | 001,229,424 | ---- | M] () -- C:\Program Files\VMware\VMware Player\libxml2.dll
MOD - [2012.04.04 06:54:08 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.HRV
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008.12.03 13:05:26 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.26 09:56:02 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.11.03 07:38:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.07.12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.06.22 14:34:12 | 001,118,680 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012.06.22 13:21:50 | 000,402,368 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012.06.22 10:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012.05.28 01:06:54 | 000,265,928 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2012.04.30 20:04:58 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.04.30 20:04:44 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2012.04.30 16:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.04.04 17:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.12.19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.08.29 22:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.07.13 21:14:52 | 000,311,664 | ---- | M] (SMART Technologies ULC) [Auto | Running] -- C:\Program Files\SMART Technologies\Education Software\UCService.exe -- (SMART Display Controller)
SRV - [2011.07.13 21:14:40 | 001,761,136 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.07.22 16:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009.07.22 16:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007.01.19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR300.SYS -- (SMR300)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DarkSpyKernel.sys -- (DarkSpy)
DRV - [2012.11.03 13:28:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.25 21:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.06.22 14:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012.06.22 10:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012.06.03 09:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012.04.30 20:05:06 | 000,055,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2012.04.30 20:04:32 | 000,023,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2012.04.30 20:04:06 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2012.04.30 20:03:32 | 000,033,776 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012.04.30 20:03:20 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012.04.30 16:22:42 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012.04.23 11:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012.04.19 04:57:38 | 000,113,072 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012.02.28 10:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011.11.29 05:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011.11.29 05:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011.10.26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.08.29 22:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2011.08.25 16:31:50 | 000,033,352 | ---- | M] (wj32) [Kernel | On_Demand | Stopped] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV - [2011.08.16 11:46:02 | 006,427,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011.08.08 13:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.06.26 01:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011.06.26 01:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2009.11.18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.02.12 02:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008.02.05 00:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007.01.10 14:03:20 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\BIOSTools\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005.11.03 19:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005.10.16 07:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1454471165-2146992855-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
IE - HKU\S-1-5-21-1454471165-2146992855-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1454471165-2146992855-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr
IE - HKU\S-1-5-21-1454471165-2146992855-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 FD 8F 82 AA 9F CD 01 [binary data]
IE - HKU\S-1-5-21-1454471165-2146992855-839522115-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1454471165-2146992855-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1454471165-2146992855-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-2146992855-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.hr"
FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.07 00:15:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.03 07:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.26 16:16:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozillaextension@somud.com: C:\Program Files\SoMud\scripts\mozilla
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\mozillaextension@somud.com: C:\Program Files\SoMud\scripts\mozilla

[2012.09.19 04:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012.11.14 06:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxa048yu.default\extensions
[2012.09.24 17:13:39 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxa048yu.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.09.21 02:12:37 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxa048yu.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.06.13 16:56:58 | 000,035,720 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxa048yu.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
[2012.11.03 07:38:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.03 07:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated(2)\updated(2)\extensions(2)
[2012.11.03 07:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated(2)\updated(2)\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2012.11.03 07:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated(3)\extensions(2)
[2012.11.03 07:38:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated(3)\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2012.11.03 07:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated(3)\updated(2)(2)\updated(2)(2)\extensions(2)(2)
[2012.11.03 07:38:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated(3)\updated(2)(2)\updated(2)(2)\extensions(2)(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)(2)
[2012.11.03 07:38:11 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.11.03 07:38:07 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.11.03 07:38:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.03 07:38:07 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.11.03 07:38:07 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eudict.xml
[2012.11.03 07:38:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.11.03 07:38:07 | 000,001,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-hr.xml

========== Chrome ==========

CHR - homepage: http://www.google.hr/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.hr/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google pretra\u017Eivanje = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AP Suggestor = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibnmbpihhamedhophbnjjpidokcknoid\1.2.5_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.09.27 17:14:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-2146992855-839522115-500\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.
O3 - HKU\S-1-5-21-1454471165-2146992855-839522115-500\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1454471165-2146992855-839522115-500..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1454471165-2146992855-839522115-500..\Run: [DriverMax_RESTART] File not found
O4 - HKU\S-1-5-21-1454471165-2146992855-839522115-500..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1454471165-2146992855-839522115-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1454471165-2146992855-839522115-500..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\On-Screen Keyboard.lnk = C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\~Disabled [2012.10.12 15:09:07 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-2146992855-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-2146992855-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-2146992855-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-2146992855-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\vsocklib.dll (VMware, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1337243554546 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1337243547968 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31728563-33FC-4BD7-AA4B-0834A4717185}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65007A2E-C12F-467F-B06F-5521B7DB7808}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4BCFCC8-F3C4-4BE4-BDC6-668839598CF0}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.05.17 09:01:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.05.21 15:30:32 | 000,643,192 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.02 02:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012.12.02 02:30:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012.12.02 02:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012.12.02 02:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.12.02 01:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.02 01:56:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.12.02 01:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.01 03:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ezvid
[2012.12.01 02:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\ezvid
[2012.12.01 02:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Serif
[2012.12.01 02:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif Applications
[2012.12.01 02:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2012.11.29 04:37:25 | 000,000,000 | ---D | C] -- C:\Nova mapa
[2012.11.29 00:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Key Metric Software
[2012.11.28 22:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mathematica
[2012.11.28 22:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mathematica
[2012.11.28 22:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wolfram Research
[2012.11.28 22:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2012.11.28 22:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mathematica
[2012.11.28 22:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wolfram Mathematica
[2012.11.28 22:16:48 | 000,334,352 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mltcpip32.mlp
[2012.11.28 22:16:48 | 000,093,712 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mltcp32.mlp
[2012.11.28 22:16:48 | 000,088,080 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlshm32.mlp
[2012.11.28 22:16:48 | 000,079,376 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlmap32.mlp
[2012.11.28 22:16:46 | 000,163,344 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\mlmodule32.dll
[2012.11.28 22:16:45 | 000,370,704 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i3.dll
[2012.11.28 22:16:44 | 000,260,112 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i2.dll
[2012.11.28 22:16:44 | 000,253,968 | ---- | C] (Wolfram Research, Inc.) -- C:\WINDOWS\System32\ml32i1.dll
[2012.11.28 00:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Gotovina Del Ponte prije optužnice nije tražila razgovor - Aktualno - hrvatska - Večernji list_files
[2012.11.26 23:16:45 | 000,177,496 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\91944782.sys
[2012.11.26 23:07:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012.11.26 16:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Winamp Detector Plug-in
[2012.11.26 16:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012.11.26 16:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2012.11.26 16:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\VMware
[2012.11.25 20:48:13 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2012.11.25 20:48:13 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2012.11.25 20:48:12 | 002,095,600 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2012.11.25 20:48:12 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2012.11.25 20:48:12 | 000,571,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2012.11.25 20:48:12 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2012.11.25 20:48:12 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2012.11.25 20:48:12 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2012.11.25 20:48:12 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2012.11.25 20:48:12 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2012.11.25 20:48:12 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2012.11.25 20:48:12 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2012.11.25 20:48:12 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2012.11.25 20:48:12 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2012.11.25 20:48:12 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2012.11.25 20:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.11.25 20:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2012.11.25 00:11:49 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.11.25 00:09:08 | 005,006,963 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\avs.exe
[2012.11.24 23:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2012.11.24 23:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sandlot Shared
[2012.11.24 22:13:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.11.22 14:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2012.11.21 11:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\SolidWorks Downloads
[2012.11.19 22:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012.11.19 22:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.11.15 20:01:06 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\synceng.dll
[2012.11.14 17:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adventure Ball
[2012.11.14 17:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adventure Ball
[2012.11.13 15:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2012.11.13 15:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2012.11.13 15:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2012.11.13 15:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ricochet Xtreme
[2012.11.13 14:35:25 | 000,000,000 | ---D | C] -- C:\GameHouse Games
[2012.11.13 06:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hollywood
[2012.11.12 17:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012.11.12 17:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2012.11.12 17:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2012.11.12 17:48:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2012.11.12 13:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2012.11.12 13:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012.11.12 13:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.11.11 14:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\D-Link AirPlus G
[2012.11.11 14:24:21 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll
[2012.11.11 14:24:21 | 000,667,648 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll
[2012.11.11 14:24:21 | 000,249,856 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll
[2012.11.11 14:24:21 | 000,225,280 | ---- | C] (ANI ) -- C:\WINDOWS\System32\WlanApp.dll
[2012.11.11 14:24:21 | 000,204,800 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\aIPH.dll
[2012.11.11 14:24:21 | 000,049,152 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\AQCKGen.dll
[2012.11.11 14:24:21 | 000,045,115 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANICtl.dll
[2012.11.11 14:24:05 | 000,036,864 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIOApi.dll
[2012.11.11 14:24:05 | 000,028,195 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO.sys
[2012.11.11 14:24:04 | 000,048,128 | ---- | C] (Alpha Networks Inc.) -- C:\WINDOWS\System32\ANIO64.sys
[2012.11.11 14:24:04 | 000,011,904 | ---- | C] (ANI ) -- C:\WINDOWS\System32\anio4.sys
[2012.11.11 14:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2012.11.11 14:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012.11.11 14:23:55 | 000,401,536 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\drivers\A3AB9x.sys
[2012.11.11 14:23:55 | 000,380,288 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System\rt619x.sys
[2012.11.11 14:23:55 | 000,248,320 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\Dr71WU98.sys
[2012.11.11 14:23:55 | 000,248,320 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System\Dr71WU98.sys
[2012.11.11 14:23:55 | 000,247,808 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt25u98.sys
[2012.11.11 14:23:55 | 000,247,808 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System\rt25u98.sys
[2012.11.11 14:23:55 | 000,243,456 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500usb.sys
[2012.11.11 14:23:55 | 000,243,456 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System\rt2500usb.sys
[2012.11.11 14:23:55 | 000,162,304 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt52u98.sys
[2012.11.11 14:23:55 | 000,162,304 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System\rt52u98.sys
[2012.11.11 14:23:54 | 000,073,728 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\System32\ISUSPM.cpl
[2012.11.11 14:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2012.11.11 14:06:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2012.11.11 14:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2012.11.11 13:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Eraser 6
[2012.11.11 13:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dr Preventor
[2012.11.11 13:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Dr Preventor
[2012.11.11 08:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nucalc
[2012.11.10 04:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\SoMud
[2012.11.10 04:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SoMud
[2012.11.10 04:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\AP Suggestor
[2012.11.10 04:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Movie Torrent
[2012.11.10 03:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
[2012.11.10 01:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adarian
[2012.11.10 01:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Adarian
[2012.11.10 01:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adarian
[2012.11.07 09:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DassaultSystemes
[2012.11.07 09:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2012.11.07 09:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DassaultSystemes
[2012.11.07 09:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMSOL 4.1
[2012.11.07 09:11:51 | 000,000,000 | ---D | C] -- C:\COMSOL4.1
[2012.11.06 21:02:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2012.11.06 13:55:47 | 000,000,000 | ---D | C] -- C:\COMSOL41
[2012.11.06 13:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\ANSYS Inc
[2012.11.06 13:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ansys
[2012.11.06 13:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.comsol
[2012.11.06 00:13:40 | 000,364,360 | ---- | C] (EasyTech) -- C:\WINDOWS\System32\EasyRedirect.dll
[2012.11.06 00:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Easy-Hide-IP
[2012.11.05 23:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Hide IP
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.04 05:28:29 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-2146992855-839522115-500UA.job
[2012.12.04 05:12:38 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{65007A2E-C12F-467F-B06F-5521B7DB7808}
[2012.12.04 04:00:18 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012.12.04 04:00:05 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-2146992855-839522115-500.job
[2012.12.04 03:59:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1454471165-2146992855-839522115-500.job
[2012.12.04 03:59:53 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{65007A2E-C12F-467F-B06F-5521B7DB7808}
[2012.12.04 03:59:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.04 03:58:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.12.04 02:43:07 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 47da45d6-4fed-4536-ab17-a0cd643245f4.job
[2012.12.04 02:00:00 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 11fa717f-52de-4bf5-8122-c57a34f78e17.job
[2012.12.03 22:19:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-2146992855-839522115-500Core.job
[2012.12.02 22:58:39 | 000,000,341 | ---- | M] () -- C:\WINDOWS\ScreenHunter.INI
[2012.12.02 12:44:35 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2012.12.02 12:42:56 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.02 02:30:53 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.12.02 01:56:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.01 20:29:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012.12.01 03:00:04 | 000,028,837 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2012.12.01 03:00:04 | 000,011,273 | ---- | M] () -- C:\WINDOWS\unins000.msg
[2012.12.01 02:02:26 | 000,000,009 | ---- | M] () -- C:\END
[2012.11.30 06:25:52 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012.11.29 04:35:47 | 000,015,884 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ptcsetup.bak
[2012.11.29 00:19:43 | 000,002,216 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012.11.28 16:04:35 | 000,000,328 | -HS- | M] () -- C:\boot.ini
[2012.11.28 00:54:38 | 000,169,352 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Gotovina Del Ponte prije optužnice nije tražila razgovor - Aktualno - hrvatska - Večernji list.htm
[2012.11.26 23:16:45 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\91944782.sys
[2012.11.26 23:07:17 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012.11.26 12:40:31 | 005,006,963 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\avs.exe
[2012.11.26 01:37:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\tonegenShakeIcon.job
[2012.11.25 20:48:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.11.25 20:48:29 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2012.11.22 14:20:58 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012.11.19 22:57:03 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.11.19 22:23:46 | 000,002,657 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ScreenHunter 6.0 Pro.lnk
[2012.11.16 03:21:33 | 000,638,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.11.16 03:21:33 | 000,129,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.11.16 03:05:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.11.14 17:12:09 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Adventure Ball.lnk
[2012.11.13 15:47:41 | 000,066,548 | ---- | M] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012.11.13 15:47:41 | 000,017,632 | ---- | M] () -- C:\WINDOWS\Coffee Bean.bmp
[2012.11.13 15:47:41 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw
[2012.11.11 14:25:34 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\D-Link AirPlus Utility.lnk
[2012.11.11 14:06:36 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2012.11.11 13:13:59 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dr. Preventor.lnk
[2012.11.11 08:35:14 | 000,000,100 | ---- | M] () -- C:\WINDOWS\NUCALC.INI
[2012.11.11 08:16:57 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.11 01:32:09 | 001,361,920 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AutoScreenRecorder_01 Nov. 11 01.32.avi
[2012.11.11 01:31:29 | 000,002,717 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AutoScreenRecorder 3.1 Pro.lnk
[2012.11.10 01:30:50 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Adarian Money for Windows.lnk
[2012.11.08 08:28:59 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012.11.07 23:21:19 | 000,003,608 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2012.11.07 23:21:19 | 000,002,152 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2012.11.07 09:48:21 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMSOL Multiphysics 4.1.lnk
[2012.11.05 00:33:35 | 110,818,514 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Sve u redu.reg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.02 02:43:00 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 47da45d6-4fed-4536-ab17-a0cd643245f4.job
[2012.12.02 02:42:59 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 11fa717f-52de-4bf5-8122-c57a34f78e17.job
[2012.12.02 02:30:53 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.12.02 01:56:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.01 20:29:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012.12.01 03:00:04 | 000,011,273 | ---- | C] () -- C:\WINDOWS\unins000.msg
[2012.12.01 03:00:03 | 000,028,837 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012.12.01 02:02:25 | 000,000,009 | ---- | C] () -- C:\END
[2012.11.29 04:31:25 | 000,015,884 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ptcsetup.bak
[2012.11.28 12:20:31 | 007,297,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RicochetSetup.exe
[2012.11.28 00:54:35 | 000,169,352 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Gotovina Del Ponte prije optužnice nije tražila razgovor - Aktualno - hrvatska - Večernji list.htm
[2012.11.25 20:48:29 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2012.11.24 23:12:45 | 003,643,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DockerSetup.exe
[2012.11.24 23:07:32 | 016,551,419 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CakeManiaSetup.exe
[2012.11.22 14:20:58 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012.11.19 22:57:03 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012.11.14 17:12:09 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Adventure Ball.lnk
[2012.11.14 09:00:25 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2012.11.14 08:39:28 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1454471165-2146992855-839522115-500.job
[2012.11.13 15:24:40 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw
[2012.11.13 05:48:57 | 000,500,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Critter_1.6_32bit.exe
[2012.11.11 14:30:57 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{65007A2E-C12F-467F-B06F-5521B7DB7808}
[2012.11.11 14:25:34 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\D-Link AirPlus Utility.lnk
[2012.11.11 14:24:32 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{65007A2E-C12F-467F-B06F-5521B7DB7808}
[2012.11.11 14:24:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2012.11.11 14:24:05 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD
[2012.11.11 14:23:55 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System\rt2661.bin
[2012.11.11 14:23:55 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System\rt2561s.bin
[2012.11.11 14:23:55 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System\rt2561.bin
[2012.11.11 14:23:55 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2012.11.11 14:23:55 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System\rt73.bin
[2012.11.11 14:06:36 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2012.11.11 13:13:59 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dr. Preventor.lnk
[2012.11.11 01:37:10 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\tonegenShakeIcon.job
[2012.11.11 01:32:09 | 001,361,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AutoScreenRecorder_01 Nov. 11 01.32.avi
[2012.11.10 01:30:50 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Adarian Money for Windows.lnk
[2012.11.08 08:28:59 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012.11.07 09:48:20 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMSOL Multiphysics 4.1.lnk
[2012.11.06 13:29:12 | 000,003,473 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\license.dat
[2012.11.06 00:13:47 | 000,003,608 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2012.11.06 00:13:47 | 000,002,152 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2012.11.05 00:33:21 | 110,818,514 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Sve u redu.reg
[2012.11.03 13:28:10 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2012.11.03 03:08:33 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\XDogcat.dll
[2012.10.29 05:49:17 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Administrator\untitled.xhb
[2012.10.29 05:49:17 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2012.10.25 02:41:30 | 000,617,954 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-2146992855-839522115-500-0.dat
[2012.10.24 18:01:03 | 000,202,926 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012.10.10 23:20:45 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\msconfig.ini
[2012.10.01 09:27:42 | 000,390,990 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2012.10.01 09:27:35 | 000,212,541 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2012.10.01 09:09:36 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2012.09.27 13:25:04 | 000,767,960 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012.06.18 22:52:26 | 000,000,100 | ---- | C] () -- C:\WINDOWS\NUCALC.INI
[2012.05.31 15:26:08 | 000,002,216 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012.05.31 03:55:19 | 000,000,017 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012.05.30 22:15:24 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.05.23 18:23:06 | 000,096,251 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\MixPad.dmp
[2012.05.23 17:52:44 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2012.05.23 03:00:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\mimio_printer_resource.dll
[2012.05.19 17:27:29 | 000,000,341 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2012.05.19 05:29:32 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool2.dat
[2012.05.19 01:08:03 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.05.19 01:06:48 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.05.18 22:49:17 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.05.18 20:13:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.05.18 19:01:48 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.18 16:33:05 | 000,097,280 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\UrlManager.exe
[2012.05.18 16:33:05 | 000,002,405 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\urlManager.xml
[2012.05.18 13:47:48 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.05.18 00:18:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012.05.17 19:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012.05.17 18:17:20 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012.05.17 18:17:20 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2012.05.17 18:17:20 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012.05.17 18:17:20 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2012.05.17 18:17:20 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2012.05.17 18:17:20 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012.05.17 18:17:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012.05.17 18:17:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012.05.17 18:17:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012.05.17 18:17:19 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012.05.17 18:17:19 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012.05.17 18:17:19 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012.05.17 18:17:19 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012.05.17 18:17:19 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012.05.17 18:17:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012.05.17 18:17:19 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012.05.17 18:17:19 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012.05.17 18:17:19 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012.05.17 18:17:19 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012.05.17 10:50:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.05.17 10:48:12 | 000,259,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.17 09:24:06 | 000,000,394 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.05.17 09:15:01 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2012.05.17 09:14:58 | 000,348,880 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2012.05.17 09:05:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.05.17 08:57:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.04.22 21:12:22 | 004,424,704 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012.04.09 00:40:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.04.09 00:39:46 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2012.04.09 00:39:32 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2012.04.09 00:39:32 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2012.04.09 00:39:30 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2012.04.09 00:39:30 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2012.04.09 00:39:28 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2012.04.09 00:39:28 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2012.04.09 00:39:26 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2012.03.29 15:21:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012.03.29 15:21:18 | 006,582,226 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012.03.29 15:21:18 | 001,152,365 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012.03.29 15:21:18 | 000,374,152 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012.03.29 15:21:18 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012.03.29 15:21:18 | 000,144,523 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2011.09.08 15:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011.09.08 15:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011.09.08 15:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011.09.08 15:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011.09.08 15:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011.09.08 15:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011.09.08 15:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011.09.08 15:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011.09.08 14:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011.09.08 14:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011.05.30 14:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.05.23 08:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

========== ZeroAccess Check ==========

[2012.05.19 00:57:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Administrator\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0158E398

< End of report >

#13 jbradvi9

Posted 04 December 2012 - 08:30 AM

OTL Extras logfile created on: 4.12.2012 4:51:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,79% Memory free
3,83 Gb Paging File | 3,19 Gb Available in Paging File | 83,34% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 30,47 Gb Free Space | 20,45% Space Free | Partition Type: NTFS
Drive J: | 83,84 Gb Total Space | 43,24 Gb Free Space | 51,57% Space Free | Partition Type: NTFS

Computer Name: KORISNIK-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1454471165-2146992855-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.NQFGY2TEKPNPLFIUS62EMRQKBU] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SMART Technologies\Education Software\UCGui.exe" = C:\Program Files\SMART Technologies\Education Software\UCGui.exe:*:Enabled:SMART Universal Controller Interface -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe" = C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\Education Software\UCService.exe" = C:\Program Files\SMART Technologies\Education Software\UCService.exe:*:Enabled:SMART Display Controller Service -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\Education Software\VantageService.exe" = C:\Program Files\SMART Technologies\Education Software\VantageService.exe:*:Enabled:SMART Vantage Service -- (SMART Technologies ULC)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\Movie Torrent\Movie Torrent.exe" = C:\Program Files\Movie Torrent\Movie Torrent.exe:*:Enabled:Movie Torrent
"J:\RECYCLER\Mathematica.exe" = J:\RECYCLER\Mathematica.exe:*:Enabled:Wolfram Mathematica 8 -- (Wolfram Research, Inc.)
"J:\RECYCLER\MathKernel.exe" = J:\RECYCLER\MathKernel.exe:*:Enabled:Wolfram Mathematica 8 Kernel -- (Wolfram Research, Inc.)
"J:\RECYCLER\math.exe" = J:\RECYCLER\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E5DD7A3-BE29-430C-970B-C553F4A58C39}" = SMART Common Platform
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1D694B58-FEA6-4D60-BB87-BD4A724A0DAE}" = VmciSockets
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67E6410C-1E97-4D03-BEC2-8E83323A6BBD}" = SMART Product Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72C462E7-BAD8-4E08-9D31-AE66FB1DB459}" = Wisdom-soft ScreenHunter 6.0.851 Pro
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9011041A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF42FDC-FFD3-4F30-B0D5-DA8A6E5316F7}_is1" = Total Screen Recorder Gold 1.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A99E0044-ED0D-478D-9B07-B0115190EDF5}_is1" = ID Install Watch 3.5.0.0
"{AC76BA86-7AD7-1050-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Croatian
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AE1D2141-7030-457F-A80D-4349A0CCA5DA}" = MimioStudio
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C76E78E4-118F-48B7-815A-7B46B34A2E6A}_is1" = Houdini 2.0 Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0F246F5-90C7-446E-B8B3-EDF0D844DFB8}" = DeepJunior13.3
"{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}" = Adobe Audition CS5.5
"{D83EFF2B-275E-4B49-9391-76C85606F3C9}" = SMART Croatian Language Pack
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E6D7E1A8-3DF6-4EAD-B382-C2BA8CD41EEB}" = Windows paket jezičnog sučelja
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED0FF410-41B9-441F-B457-4AC81782E8BF}" = SMART Notebook
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC05472D-27AC-4076-A9D8-27500DE424FA}" = Wisdom-soft AutoScreenRecorder 3.1.375 Pro
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"7-Zip" = 7-Zip 9.20
"Adarian Money for Windows" = Adarian Money for Windows
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adventure Ball_is1" = Adventure Ball
"AP Suggestor" = AP Suggestor
"A-WIN-Extras 8.0.4 2615434_is1" = Mathematica Extras 8.0 (2615434)
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BFGC" = Big Fish Games: Game Manager
"BIOS Tools" = BIOS Tools
"BitTorrent" = BitTorrent
"BSPlayerf" = BS.Player FREE
"camcodec" = CamStudio Lossless Codec
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"COMSOL41" = COMSOL 4.1
"Creo Parametric Version 2.0 Datecode [M020]" = Creo Parametric Version 2.0 Datecode [M020]
"Deep Fritz 12 DL" = Deep Fritz 12 DL
"DMX5_is1" = DriverMax 6
"Dr. Preventor_is1" = Dr. Preventor v5.5
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Korisnički vodič" = Epson Stylus SX210_SX410_TX210_TX410 Priručnik
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"Fraps" = Fraps
"Free Screen To Video_is1" = Free Screen To Video V 2.0
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"HyperSnap 7" = HyperSnap 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.6.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verzija 1.65.1.1000
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0.1 (x86 hr)" = Mozilla Firefox 15.0.1 (x86 hr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3MyMP3_is1" = MP3MyMP3 3.1
"M-WIN-T 8.0.4 2615567_is1" = Wolfram Mathematica 8 (M-WIN-T 8.0.4 2615567)
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Connections Drivers
"RBPlus" = Roulette Bot Plus
"RealPlayer 15.0" = RealPlayer
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.4.2)
"Sandboxie" = Sandboxie 3.74 (32-bit)
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"SopCast" = SopCast 3.5.0
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"ToneGen" = NCH Tone Generator
"VMware_Player" = VMware Player
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR arhiver
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-2146992855-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in
"WinImage" = WinImage

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.10.2012 15:20:34 | Computer Name = KORISNIK-PC | Source = Application Hang | ID = 1002
Description = Hanging application CBRReader.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19.11.2012 12:23:03 | Computer Name = KORISNIK-PC | Source = ESENT | ID = 490
Description = svchost (288) An attempt to open the file "C:\windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 19.11.2012 12:23:08 | Computer Name = KORISNIK-PC | Source = ESENT | ID = 439
Description = Catalog Database (288) Unable to write a shadowed header for file
C:\windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 19.11.2012 12:23:13 | Computer Name = KORISNIK-PC | Source = ESENT | ID = 473
Description = Catalog Database (288) Database C:\windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 23.10.2012 9:18:53 | Computer Name = KORISNIK-PC | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23.10.2012 9:18:53 | Computer Name = KORISNIK-PC | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23.10.2012 9:18:54 | Computer Name = KORISNIK-PC | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 26.11.2012 11:15:29 | Computer Name = KORISNIK-PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26.11.2012 11:18:16 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 26.11.2012 11:18:19 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMR300

Error - 26.11.2012 18:19:08 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 26.11.2012 18:19:13 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMR300

Error - 26.11.2012 18:46:21 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Browser Defender Update
Service service to connect.

Error - 26.11.2012 18:46:25 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMR300

Error - 28.11.2012 19:21:51 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7034
Description = The Ad-Aware service terminated unexpectedly. It has done this 1
time(s).

Error - 28.11.2012 19:21:59 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7034
Description = The Sandboxie Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2.12.2012 2:41:31 | Computer Name = KORISNIK-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.164 on
the Network Card with network address 00195B7BA6D1.


< End of report >
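
A small triage script over the two log sections above, added here as an example and not part of this thread or of OTL itself. It parses the firewall "Authorized Applications List" entries and the "Last 20 Event Log Errors" block, flags exceptions whose executable lives outside the usual Windows and Program Files roots (here the J:\RECYCLER entries, which may simply be a program copied to a removable drive, so this is a pointer for a human, not a verdict), and counts the drivers named in Service Control Manager 7026 errors (here SMR300, the service with a missing driver file). The sample lines are constructed from the report; TRUSTED_ROOTS and all function names are this example's own choices.

```python
import re
from collections import Counter

# Constructed sample in OTL's log format, copied from the kinds of lines
# the report above contains (shortened; not the full log).
SAMPLE_LOG = r"""
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Movie Torrent\Movie Torrent.exe" = C:\Program Files\Movie Torrent\Movie Torrent.exe:*:Enabled:Movie Torrent
"J:\RECYCLER\Mathematica.exe" = J:\RECYCLER\Mathematica.exe:*:Enabled:Wolfram Mathematica 8 -- (Wolfram Research, Inc.)
"J:\RECYCLER\math.exe" = J:\RECYCLER\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 26.11.2012 11:18:19 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMR300

Error - 26.11.2012 18:19:13 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SMR300

Error - 28.11.2012 19:21:51 | Computer Name = KORISNIK-PC | Source = Service Control Manager | ID = 7034
Description = The Ad-Aware service terminated unexpectedly. It has done this 1
time(s).
"""

# Assumed set of roots a firewall exception normally points into (lower-case).
TRUSTED_ROOTS = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")

APP_RE = re.compile(r'^"(?P<path>[^"]+)" = (?P<value>.+)$')
ERR_RE = re.compile(
    r"^Error - (?P<ts>\S+ \S+) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


def _section(text, title):
    """Return the lines of the '========== <title> ==========' section."""
    body, inside = [], False
    for line in text.splitlines():
        if line.startswith("==========") and line.endswith("=========="):
            inside = title in line
            continue
        if inside:
            body.append(line)
    return body


def parse_authorized_apps(text):
    """Parse '"<path>" = <path>:<scope>:<state>:<name> -- (<publisher>)' lines."""
    entries = []
    for line in _section(text, "Authorized Applications List"):
        m = APP_RE.match(line)
        if not m:
            continue
        path, value = m.group("path"), m.group("value")
        publisher = None
        if " -- (" in value and value.endswith(")"):
            value, publisher = value.rsplit(" -- (", 1)
            publisher = publisher[:-1]
        # The value repeats the path, which itself contains a drive colon,
        # so strip the known prefix instead of splitting the whole string on ':'.
        rest = value[len(path):].lstrip(":") if value.startswith(path) else value
        scope, state, name = (rest.split(":", 2) + [None, None, None])[:3]
        entries.append({"path": path, "scope": scope, "state": state,
                        "name": name, "publisher": publisher})
    return entries


def flag_unusual_locations(entries):
    """Exceptions whose executable sits outside TRUSTED_ROOTS (heuristic only)."""
    return [e["path"] for e in entries
            if not e["path"].lower().startswith(TRUSTED_ROOTS)]


def parse_event_errors(text):
    """Group each 'Error - ...' header with its wrapped description lines."""
    events, current = [], None
    for line in _section(text, "Last 20 Event Log Errors"):
        m = ERR_RE.match(line)
        if m:
            current = dict(m.groupdict(), description=[])
            current["id"] = int(current["id"])
            events.append(current)
        elif not line.strip():
            current = None          # blank line ends the current record
        elif current is not None:
            current["description"].append(line.strip())
    return events


def failed_drivers(events):
    """Count driver names listed in Service Control Manager 7026 errors."""
    counts = Counter()
    for ev in events:
        if ev["id"] != 7026:
            continue
        desc = ev["description"]
        for i, part in enumerate(desc):
            if part.endswith("failed to load:"):
                counts.update(desc[i + 1:])   # names follow on their own lines
    return counts


def triage(text):
    apps = parse_authorized_apps(text)
    events = parse_event_errors(text)
    return {
        "authorized_apps": len(apps),
        "unusual_locations": flag_unusual_locations(apps),
        "no_publisher": [e["path"] for e in apps if e["publisher"] is None],
        "errors_by_source": Counter((e["source"], e["id"]) for e in events),
        "failed_drivers": failed_drivers(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full OTL log the same way; the repeated 7026 count for one driver name is the quickest way to spot an orphaned service entry like the one the fix below removes, and an exception with no publisher or an unusual path is where a reviewer would look first.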

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:17 AM

Posted 04 December 2012 - 07:06 PM

We need to run an OTL Fix to clear up a few bits and pieces (no malware though)
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\SMR300.SYS -- (SMR300)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DarkSpyKernel.sys -- (DarkSpy)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0158E398
    :commands
    [EmptyTemp]
    [Reboot]
    
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Your PC might need a system file check and repair

We are going to run chkdsk which will verify and repair the file system

Step One: Click Start, select Run

Step Two: In the box, type cmd

Step Three: Click Ok

Step Four: Run the chkdsk utility by typing in the following command:

chkdsk c: /f /r

NOTE: The /f switch automatically fixes any errors encountered; the /r switch locates bad sectors and recovers readable information.

Step Five: A reboot is normally required for the chkdsk program to lock the disk and run correctly (this is typical on machines that have only one volume), so simply restart the computer and chkdsk will run automatically. When it's finished (this process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.

On Rebooting the PC you will see the disk being checked.

This process will take, on average, about an hour.



Now Go to the Run box on the Start Menu and type in:

sfc /scannow

Press Enter

More info on this process can be found here.

Please post back to let me know how that went.
m0le is a proud member of UNITE

#15 jbradvi9

jbradvi9
  • Topic Starter

  • Members
  • 140 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 04 December 2012 - 07:58 PM

12052012_014157.log

All processes killed
========== OTL ==========
Service SMR300 stopped successfully!
Service SMR300 deleted successfully!
File System32\drivers\SMR300.SYS not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
Service DarkSpy stopped successfully!
Service DarkSpy deleted successfully!
File C:\windows\system32\DarkSpyKernel.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0158E398 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1107661040 bytes
->Temporary Internet Files folder emptied: 9148557 bytes
->FireFox cache emptied: 233767298 bytes
->Google Chrome cache emptied: 274640511 bytes
->Flash cache emptied: 102068 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33256 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3622497 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 465444438 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 152823898 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.143,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12052012_014157

Files\Folders moved on Reboot...
C:\WINDOWS\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-508.log moved successfully.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



