Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't log on my desktop [Solved]

Started by Andro , Feb 08 2010 07:26 PM

  • This topic is locked This topic is locked

#1
Andro
Posted 08 February 2010 - 07:26 PM

Andro

    Member

  • Member
  • PipPipPip
  • 228 posts
Hello!

Here is my problem...

Today,when I turned on my computer,there was green wallpaper with sign Your sistem is infected,there is acitve spyware...With program Spybot S&D,Ad-Aware and Avira antivirus I checked&cleaned what they found.I thought that removed spyware and restart my computer.When I tried to log on my desktop,there were nothing (no start button,no icons,maps...absolutely anything)except my wallpaper for background.Every time I try to log in,computer automatically puts me back on "to begin click your user name" screen.

I write this from another computer because I can't log on mine.If you can help,I would be very thankful!!
  • 0

Advertisements

#2
Andro
Posted 09 February 2010 - 12:05 PM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
I have some good news and hope that will help you to solve my problem...I put my Windows XP Professional CD in CD-ROM and first clicked Set up Windows now.Then I clicked repair current verison of Windows so I managed to log on my desktop but there are still large icons,large taskbar and time to time appears this sign "Microsoft Feeds Synchronization has encountered a problem and needs to close.We are sorry for this inconvenience.If you are in middle of sth,the info you were working on might be lost".I went thru Malware and Spyware Cleaning Guide so here is...

mbam log

Malwarebytes' Anti-Malware 1.44
Različica baze: 3712
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

9.2.2010 14:50:02
mbam-log-2010-02-09 (14-50-02).txt

Tip pregleda: Hitri pregled
Preverjenih objektov: 128448
Pretečen čas: 4 minute(s), 53 second(s)

Okuženih spominskih procesov: 0
Okuženih spominskih modulov: 0
Okuženih ključev registra: 0
Okuženih vrednosti registra: 1
Okuženih vnosov v register: 5
Okuženih map: 0
Okuženih datotek: 2

Okuženih spominskih procesov:
(Ni bilo najdenih zlonamernih objektov)

Okuženih spominskih modulov:
(Ni bilo najdenih zlonamernih objektov)

Okuženih ključev registra:
(Ni bilo najdenih zlonamernih objektov)

Okuženih vrednosti registra:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Okuženih vnosov v register:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Okuženih map:
(Ni bilo najdenih zlonamernih objektov)

Okuženih datotek:
C:\WINDOWS\system32\wsaupdater.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

About GMER Rootkit Scanner:when I launch this,first scans for a while than freeze so I can't do anything except restart computer.

Here is OTL log

OTL logfile created on: 9.2.2010 16:42:33 - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\andro\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 6,63 Gb Free Space | 2,85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JUD-03F4AE0B207
Current User Name: andro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\andro\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\UTSCSI.EXE ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe ()
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\andro\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (MioNet) -- File not found
SRV - (ekrn) -- File not found
SRV - (EhttpSrv) -- File not found
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UTSCSI) -- C:\WINDOWS\system32\UTSCSI.EXE ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..keyword.URL: "http://www.fastbrows...70D9EA6EFE}&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.02.09 15:34:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: I:\FirefoxPortable\App\firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: I:\FirefoxPortable\App\firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.23 00:03:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.23 00:03:50 | 000,000,000 | ---D | M]

[2009.05.28 14:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions
[2009.05.28 14:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions\[email protected]
[2010.02.09 16:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions
[2009.09.11 10:40:15 | 000,000,000 | ---D | M] (My Tattoons (Fast Browser Search)) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009.06.18 11:39:45 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\searchplugins\sweetim.xml
[2010.02.09 16:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.06.18 19:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007.08.29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009.11.07 09:49:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009.11.07 09:49:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009.11.07 09:49:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009.09.11 11:31:51 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009.09.11 11:31:50 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
[2010.02.09 15:54:50 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2009.11.07 09:49:53 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009.08.03 11:37:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\andro\Start Menu\Programs\Startup\GIGABYTE VGA Utility.lnk = C:\Documents and Settings\andro\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide....ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\andro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.06 22:34:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.02.09 14:25:21 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56016913389584384)

========== Files/Folders - Created Within 14 Days ==========

[2010.02.09 16:41:18 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2010.02.09 15:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010.02.09 15:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010.02.09 15:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010.02.09 15:04:30 | 000,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\andro\Desktop\SysRestorePoint.exe
[2010.02.09 14:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.02.09 14:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.02.09 14:35:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\andro\Recent
[2010.02.09 14:29:53 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\TFC.exe
[2010.02.09 13:57:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.02.09 13:52:54 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.02.09 13:52:54 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.02.09 13:52:54 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010.02.09 13:51:42 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010.02.09 13:51:42 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010.02.09 13:51:42 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010.02.09 13:51:29 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010.02.09 13:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010.02.04 11:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\My Documents\VLounge Album
[2010.01.09 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\MioNet
[2010.01.09 19:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010.01.09 19:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.08.28 10:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009.08.05 12:06:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009.07.06 08:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008.12.24 17:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008.06.09 16:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2008.06.06 22:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008.06.06 22:34:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010.02.09 16:44:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2010.02.09 16:43:28 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job
[2010.02.09 16:41:19 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2010.02.09 16:39:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.09 16:37:04 | 000,002,551 | ---- | M] () -- C:\Documents and Settings\andro\Start Menu\Programs\Startup\GIGABYTE VGA Utility.lnk
[2010.02.09 16:37:02 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.02.09 16:36:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.09 16:36:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.09 15:31:40 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\andro\NTUSER.DAT
[2010.02.09 15:31:00 | 000,001,164 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004UA.job
[2010.02.09 15:08:11 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\SUPERAntiSpyware.exe
[2010.02.09 14:41:06 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\ERUNT.lnk
[2010.02.09 14:29:54 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\TFC.exe
[2010.02.09 14:05:33 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.02.09 14:05:33 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.02.09 14:05:33 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.02.09 14:01:43 | 001,548,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.02.09 13:55:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.02.09 13:50:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.02.09 13:50:22 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.02.09 13:50:22 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.02.09 13:50:10 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.02.09 13:49:14 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010.02.09 13:49:14 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.02.09 13:48:55 | 000,000,630 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.02.09 13:47:17 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.02.09 13:45:49 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010.02.09 13:36:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.02.09 13:18:30 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\andro\ntuser.ini
[2010.02.08 17:46:39 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\andro\NTUSER.DAT_BAK_24867
[2010.02.08 17:26:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.02.08 15:10:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.02.08 04:24:49 | 000,089,600 | ---- | M] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.07 03:32:11 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\andro\My Documents\vlc-1.0.5-win32.exe
[2010.02.06 16:28:23 | 000,022,863 | ---- | M] () -- C:\Documents and Settings\andro\Start Menu.rar
[2010.02.06 13:53:41 | 006,029,302 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Ilda Saulic 2009 - www.FolkoTeka.com - Te sam noci prevarila sebe.mp3
[2010.02.06 13:53:28 | 004,866,962 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Ilda Saulic - I najgora i najbolja (promo) - www.FolkoTeka.com - 2010.mp3
[2010.02.06 13:51:02 | 008,318,947 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Goran Vukosic 2010 - www.FolkoTeka.com - Moja ljubavi.mp3
[2010.02.06 13:50:34 | 004,382,956 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Goca Bozinovska - Bivsa ljubavi - www.FolkoTeka.com - 2010.mp3
[2010.02.06 13:33:52 | 007,938,601 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Djogani - 10 - Accordion Soul (Andjeo bez krila) (Inst) - www.FolkoTeka.com - 2009.mp3
[2010.02.05 04:12:59 | 000,109,747 | ---- | M] () -- C:\Documents and Settings\andro\My Documents\Alja.rtf
[2010.02.04 12:31:00 | 000,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004Core.job
[2010.01.26 20:03:25 | 008,925,649 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Amadeus band - 01 - Overen - www.FolkoTeka.com - 2009.mp3

========== Files Created - No Company Name ==========

[2010.02.09 15:38:55 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\gmer.exe
[2010.02.09 15:07:53 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\SUPERAntiSpyware.exe
[2010.02.09 14:41:06 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\ERUNT.lnk
[2010.02.09 13:53:37 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010.02.09 13:52:48 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010.02.09 13:52:48 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010.02.09 13:52:47 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010.02.09 13:52:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010.02.09 13:52:21 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.02.09 13:52:13 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010.02.09 13:52:12 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010.02.09 13:52:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.02.09 13:51:58 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010.02.09 13:51:49 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.02.09 13:51:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010.02.09 13:51:31 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010.02.09 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010.02.09 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010.02.09 13:51:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010.02.09 13:51:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010.02.09 13:51:27 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010.02.09 13:51:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010.02.09 13:51:27 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010.02.09 13:51:27 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010.02.09 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010.02.09 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010.02.09 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010.02.09 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010.02.09 13:51:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010.02.09 13:51:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010.02.09 13:51:25 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010.02.09 13:51:25 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010.02.09 13:51:25 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010.02.09 13:51:25 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010.02.09 13:51:25 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010.02.09 13:51:25 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010.02.09 13:51:25 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010.02.09 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010.02.09 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010.02.09 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010.02.09 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010.02.09 13:51:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010.02.09 13:51:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010.02.09 13:51:23 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010.02.09 13:51:23 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010.02.09 13:51:23 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010.02.09 13:51:23 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010.02.09 13:51:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010.02.09 13:51:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010.02.09 13:51:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010.02.09 13:51:22 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010.02.09 13:51:22 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010.02.09 13:49:14 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.02.09 13:49:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.02.09 13:35:57 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010.02.09 13:35:57 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010.02.09 13:35:57 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010.02.09 13:35:57 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010.02.09 13:35:57 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010.02.09 13:35:57 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010.02.09 13:35:57 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010.02.09 13:35:56 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010.02.09 13:35:56 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010.02.09 13:35:56 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010.02.09 13:35:56 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010.02.09 13:35:56 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010.02.09 13:35:56 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010.02.09 13:35:56 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010.02.09 13:35:56 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010.02.09 13:35:56 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010.02.09 13:35:56 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010.02.07 03:31:55 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\andro\My Documents\vlc-1.0.5-win32.exe
[2010.02.06 16:28:23 | 000,022,863 | ---- | C] () -- C:\Documents and Settings\andro\Start Menu.rar
[2010.02.06 13:53:37 | 006,029,302 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Ilda Saulic 2009 - www.FolkoTeka.com - Te sam noci prevarila sebe.mp3
[2010.02.06 13:53:25 | 004,866,962 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Ilda Saulic - I najgora i najbolja (promo) - www.FolkoTeka.com - 2010.mp3
[2010.02.06 13:50:56 | 008,318,947 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Goran Vukosic 2010 - www.FolkoTeka.com - Moja ljubavi.mp3
[2010.02.06 13:50:32 | 004,382,956 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Goca Bozinovska - Bivsa ljubavi - www.FolkoTeka.com - 2010.mp3
[2010.02.06 13:33:48 | 007,938,601 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Djogani - 10 - Accordion Soul (Andjeo bez krila) (Inst) - www.FolkoTeka.com - 2009.mp3
[2010.01.26 20:03:21 | 008,925,649 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Amadeus band - 01 - Overen - www.FolkoTeka.com - 2009.mp3
[2009.10.29 12:32:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.09.09 11:09:19 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.08.13 23:13:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009.08.03 04:58:44 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2009.08.03 03:50:16 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJat.gif
[2009.08.03 03:50:16 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJzn.gif
[2009.08.03 03:50:16 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJby.gif
[2009.03.13 12:38:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.03.09 07:35:49 | 000,001,039 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\VodafoneConnectorService.log
[2008.12.17 14:11:10 | 000,000,572 | ---- | C] () -- C:\WINDOWS\WT.INI
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.06 17:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.08.16 12:18:07 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.07.01 21:21:09 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008.07.01 21:21:09 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008.07.01 21:21:09 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008.07.01 21:21:09 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008.07.01 21:21:09 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008.07.01 21:21:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008.07.01 21:21:09 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008.07.01 21:21:09 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008.07.01 21:21:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008.07.01 21:21:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008.06.11 10:58:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.06.11 10:58:12 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008.06.11 10:58:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.06.11 10:58:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.06.11 10:58:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.06.11 10:58:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.06.08 14:23:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.06.07 15:24:36 | 000,089,600 | ---- | C] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.19 23:05:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.04.19 23:05:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.04.19 23:05:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.04.19 23:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.04.19 23:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.08.04 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.08.04 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003.01.07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008.07.17 16:48:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009.09.24 12:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009.09.24 12:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009.06.21 22:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008.11.28 14:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009.03.12 10:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009.09.24 11:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008.06.17 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2008.06.11 14:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009.03.10 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2008.06.09 14:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010.01.14 14:41:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009.12.23 15:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009.08.28 16:26:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009.09.03 12:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Acoustica
[2010.02.08 04:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\BitTorrent
[2009.09.24 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DriverCure
[2009.06.05 17:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\LimeWire
[2008.06.09 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\MSNInstaller
[2009.03.12 10:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\NCH Swift Sound
[2008.10.03 12:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Opera
[2008.06.18 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Propellerhead Software
[2008.06.11 14:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\TuneUp Software
[2009.09.24 12:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Uniblue
[2010.02.09 16:37:02 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010.02.08 17:26:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010.02.09 16:44:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2010.02.09 16:43:28 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004.08.04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.02.09 14:33:46 | 000,323,584 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.02.09 13:20:45 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.02.09 14:33:46 | 034,603,008 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.02.09 14:33:46 | 008,650,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

I hope I you can now hlep me to find the best solution!

Thank you!
  • 0

#3
Essexboy
Posted 09 February 2010 - 03:19 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lets run this first and have a quick check with GMER, on completion of these runs could you let me the problems that you are experiencing and we will try to solve them one at a time

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
O15 - HKLM\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)

:Commands
[purity]
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

THEN

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#4
Andro
Posted 10 February 2010 - 03:33 PM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Hi Essexboy,here are logs...

OTL log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internetsecurity10.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internetsecurity10.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: andro
->Temp folder emptied: 883879 bytes
->Temporary Internet Files folder emptied: 17325414 bytes
->FireFox cache emptied: 49555587 bytes
->Opera cache emptied: 0 bytes

User: Default User

User: jud
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82403 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 26118274 bytes

Total Files Cleaned = 90,00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02102010_004133

Files\Folders moved on Reboot...
C:\Documents and Settings\andro\Local Settings\Temp\MessengerCache\BhKtFttXL13jXcoWsD2FnURkqo1c= moved successfully.
C:\Documents and Settings\andro\Local Settings\Temp\MessengerCache\Iwle4IlWzM9foa8vtBAS2j4L1p4= moved successfully.
C:\Documents and Settings\andro\Local Settings\Temp\MessengerCache\lwzs9Dja761usc6NS+oupnq7NTk= moved successfully.
C:\Documents and Settings\andro\Local Settings\Temp\MessengerCache\vOgQUkTRDaHMtLmsy0a3NXDzwus= moved successfully.
File\Folder C:\Documents and Settings\andro\Local Settings\Temporary Internet Files\Content.IE5\JC8S6R5V\ADSAdClient31[1].txt not found!
C:\Documents and Settings\andro\Local Settings\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\andro\Local Settings\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\andro\Local Settings\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\andro\Local Settings\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\andro\Local Settings\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\andro\Local Settings\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_75c.dat not found!

Registry entries deleted on Reboot...

...then GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-10 22:05:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\andro\LOCALS~1\Temp\fxdcraow.sys


---- System - GMER 1.0.15 ----

SSDT BAF8AD3E ZwCreateKey
SSDT BAF8AD34 ZwCreateThread
SSDT BAF8AD43 ZwDeleteKey
SSDT BAF8AD4D ZwDeleteValueKey
SSDT BAF8AD52 ZwLoadKey
SSDT BAF8AD20 ZwOpenProcess
SSDT BAF8AD25 ZwOpenThread
SSDT BAF8AD5C ZwReplaceKey
SSDT BAF8AD57 ZwRestoreKey
SSDT BAF8AD48 ZwSetValueKey
SSDT BAF8AD2F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB989D360, 0x2F3087, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BACBD3FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BACBD458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BACBD6B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BACBD684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BACBD684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BACBD458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BACBD3FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BACBD6B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BACBD6B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BACBD684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BACBD458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BACBD3FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BACBD684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BACBD6B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BACBD3FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BACBD458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BACBD3FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BACBD458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BACBD684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BACBD6B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BACBD684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BACBD458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BACBD3FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BACBD684] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BACBD6B2] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BACBD3FC] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BACBD458] NDISRD.sys (NDISRD helper driver/NT Kernel Resources)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Tnx for helping me,I'm waiting for your next instructions!
  • 0

#5
Essexboy
Posted 10 February 2010 - 03:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are your problems now ?

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#6
Andro
Posted 11 February 2010 - 06:22 AM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Hm,I thought you will tell me about computer problems,that's why I pasted logs in previous post that you will check and say how it looks!?

Anyway,below is MBAM log report...

Malwarebytes' Anti-Malware 1.44
Database version: 3724
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.2.2010 13:12:52
mbam-log-2010-02-11 (13-12-52).txt

Scan type: Quick Scan
Objects scanned: 130407
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#7
Essexboy
Posted 11 February 2010 - 12:26 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see no apparent malware in your log which is why I need to know if you are having any problems :)
  • 0

#8
Andro
Posted 11 February 2010 - 07:50 PM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
My computer is working normal,I didn't notice any problems since I scaned it with that programs you recomended.Do you think my computer is clean now?

Oh yeah,btw;since I fixed current version of Windows by clicking repair button there are two sounds.One is coming from my speakers which is usual and other comes from my computer altough speakers are not turned on(for example when you log on desktop you hear Windows music for couple seconds).

Do you know how to set sound that I will hear music just from my speakers?
  • 0

#9
Essexboy
Posted 12 February 2010 - 12:05 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have an intergal sound card and one that was placed in the computer PCI slots ?

I will clear my tools now - subject to no further problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done

SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#10
Andro
Posted 12 February 2010 - 05:21 PM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
First,I wanna say thanks a lot for your help,without you I couldn't succeed :) I did everything you wrote above,tnx again!

About integral sound card...I have HP Compaq dx2300 Microtower,so I think I have it,also computer PCI slots(don't know much about computers!)

I noticed today one more problem...when I put my computer in Stand By mode it automatically turns on immediately(or after max 10 seconds).Do you have any idea why?
  • 0

Advertisements

#11
Essexboy
Posted 13 February 2010 - 04:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The restarting could be a sensitive mouse - does this happen every time ?

For the sound
Go to Control panel > Device manager
Select the Sound, Video and Games controllers section
Press the plus sign next to that
Take a screen shot and post that here
  • 0

#12
Andro
Posted 13 February 2010 - 12:00 PM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
Here is a screen shot of Device manager...

About Stand By mode->yes,this happens every time when I press that button
  • 0

#13
Essexboy
Posted 13 February 2010 - 12:21 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see what is not letting your computer get its' sleep

In the command prompt, type powercfg -devicequery wake_armed and you will see a list of devices with "Allow this device to bring the computer out of standby" enabled. You can then disable it for each in Device Manager.

Then follow the destructions on this page to turn off those that can wake your computer - I would recommend leaving the keyboard otherwise it will not wake

I can see no reason why it would make sounds with the speakers off unless it is an integral card - in which case if it senses no speakers it will use the internal speaker
  • 0

#14
Andro
Posted 14 February 2010 - 08:02 AM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
My computer is now sleeping when I put it in Stand By mode,thanks man :)

It's integrated sound card...I would understand it uses internal speaker if I wouldn't have my own speakers but here comes sound from internal speaker and speakers at the same time...Any suggestions?
  • 0

#15
Essexboy
Posted 14 February 2010 - 08:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm this one has me stumped :)

It might be worth posting in the hardware forum where the experts live
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP