Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Black desktop with only two icons


  • This topic is locked This topic is locked

#1
Andro

Andro

    Member

  • Member
  • PipPipPip
  • 153 posts
Good evening from my side of the world!

My problem is not so small to describe so...

Yesterday when I started to watch the show online suddenly everything crashed. Mozilla Firefox and all tabs closed, icons on desktop started to disappear one after another. Background gone black and only Recycle Bin&Internet Explorer stayed on desktop.

Then System Restore opened (it's unable to close this!) with messages like

"RAM Memory temperature is 83 C. Optimization is required for normal RAM functioning."
"Boot sector of the hard drive is damaged."
"Disk drive C is unreadable."
...and many more...

In right bottom corner the message " Files indexation process failed" is shown from time to time.

There are also critical errors like

" RAM memory reliability is extremely low. This problem may cause system failure."
"Windows OS can't detect a free hard drive space Hard drive error."
"Hard drive clusters are partly damaged."
...and others...

Every few minutes appear over 20 boxes at the same time with sign " Failed to save all the components for the file System32... This file is corrupted or unreadable."

I scanned my computer with Spybot-SD, Malwarebytes-AntiMalware&Avira Free Antivirus. All infected files were able to remove successfully. I tried to clean it also with Trojan Killer but I was unable to do this because that program wants a registration code.
I think those infections are still here altough I erase them.

Below are attachments of Avira, Mbam and OTL.

Thanks 4 all your help in advanced!


Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe


Re-run Roguekiller


  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.


THEN

  • Run OTL there will only be one log this time
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • 0

#3
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
Hello...

It's ok I know here is a lot of people who need help:)
Anyway...thanks for replying!

Here are RK reports

RogueKiller V6.1.8 [11/14/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: andro [Admin rights]
Mode: Remove -- Date : 11/14/2011 22:03:50

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] adawarebp.dll -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
[SUSP PATH] adawarebp.exe -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : Ad-Aware Browsing Protection ("C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe") -> DELETED
[SUSP PATH] GIGABYTE VGA Utility.lnk : C:\Documents and Settings\andro\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\andro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

------------------------------------------------------------------------------------------------------

RogueKiller V6.1.8 [11/14/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: andro [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/14/2011 22:49:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 484 / Fail 0
Quick launch: Success 9 / Fail 0
Programs: Success 49892 / Fail 0
Start menu: Success 368 / Fail 0
User folder: Success 7630 / Fail 6
My documents: Success 3240 / Fail 3
My favorites: Success 56 / Fail 1
My pictures: Success 0 / Fail 1
My music: Success 0 / Fail 1
My videos: Success 0 / Fail 0
Local drives: Success 41726 / Fail 7
Backup: [FOUND] Success 298 / Fail 7

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+6 -- 0x2 --> Restored
[F:] \Device\Harddisk2\DP(1)0-0+7 -- 0x2 --> Restored
[G:] \Device\Harddisk3\DP(1)0-0+8 -- 0x2 --> Restored
[H:] \Device\Harddisk4\DP(1)0-0+9 -- 0x2 --> Restored

¤¤¤ Infection : Fake HDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


...and OTL report


OTL logfile created on: 11/14/2011 22:58:43 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\andro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: M/d/yyyy

2,00 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,54% Memory free
3,85 Gb Paging File | 2,79 Gb Available in Paging File | 72,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 131,06 Gb Free Space | 56,28% Space Free | Partition Type: NTFS

Computer Name: JUD-03F4AE0B207 | User Name: andro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 23:19:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
PRC - [2011/11/09 23:19:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/09 16:35:10 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/24 15:42:24 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\andro\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/27 11:18:14 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/09/05 15:20:30 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2009/03/05 15:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 11:17:32 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/11/09 23:19:41 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/09 16:35:12 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/09 16:35:12 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/09 16:35:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/13 11:45:15 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
MOD - [2008/04/14 01:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 01:12:03 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/29 16:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mmfinfo.dll
MOD - [2008/03/29 16:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2007/03/11 00:10:14 | 000,958,464 | ---- | M] () -- C:\Program Files\DirectVobSub\VSFilter.dll
MOD - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ekrn)
SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
SRV - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009/02/15 22:01:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011/11/14 22:50:58 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/09 16:35:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/11 14:00:32 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/10 17:43:33 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/29 18:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC610NC)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC500NC)
DRV - [2005/07/12 18:53:20 | 000,007,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.babylo....10&affID=8346"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=7: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 12:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 23:19:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 00:20:15 | 000,000,000 | ---D | M]

[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions
[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions\[email protected]
[2011/10/17 14:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions
[2010/04/27 23:16:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 11:22:35 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/04/30 12:18:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/11 23:48:19 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\[email protected]
[2011/11/09 23:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/18 19:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/11/09 23:19:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/10/14 22:50:59 | 000,002,286 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/05/07 11:40:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/02/26 20:55:59 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2010/02/26 20:55:59 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2011/11/09 23:19:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/13 23:48:10 | 000,437,128 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15061 more lines...
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\andro\Application Data\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1935655697-1972579041-839522115-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide....ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A4DC16C-EC4E-4C90-9FDA-18354A1D5250}: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/06 22:34:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\RK_Quarantine
[2011/11/11 11:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Local Settings\Application Data\adaware
[2011/11/11 11:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/11/11 11:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/11/11 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/11/11 11:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/11/11 11:15:24 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/11 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/11/10 23:19:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/10 21:14:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\andro\Recent
[2011/11/10 21:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/09 23:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Start Menu\Programs\System Restore
[2011/11/02 15:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\Programi za popravljanje
[2011/10/22 00:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/10/19 12:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Application Data\Avira
[2011/10/19 12:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/19 12:37:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/19 12:37:22 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/19 12:37:22 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/19 12:37:22 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/19 12:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/19 12:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

========== Files - Modified Within 30 Days ==========

[2011/11/14 23:29:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/14 23:18:34 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job
[2011/11/14 23:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/14 22:52:37 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/14 22:50:58 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/14 22:32:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004UA.job
[2011/11/14 22:09:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/14 22:09:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/14 21:55:43 | 000,747,008 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/14 20:32:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004Core.job
[2011/11/14 19:35:49 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/14 19:31:52 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/14 19:29:34 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/14 19:29:34 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/11/14 19:29:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 15:02:18 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2011/11/11 11:37:17 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/11 11:22:22 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/11 11:19:48 | 012,021,760 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Ad-Aware96Install.msi
[2011/11/10 23:19:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/10 23:02:57 | 019,461,595 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\GridinSoft.Trojan.Killer.v2.0.7.4.Incl.Patch.AND.Key.zip
[2011/11/09 23:26:29 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\POuTdP5zq0KlvR
[2011/11/09 23:24:49 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~POuTdP5zq0KlvR
[2011/11/09 23:24:49 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~POuTdP5zq0KlvRr
[2011/11/09 23:24:47 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/09 23:15:45 | 000,424,792 | -H-- | M] () -- C:\WINDOWS\0.6623914605106059.exe
[2011/11/09 22:53:40 | 000,270,152 | ---- | M] () -- C:\Documents and Settings\andro\My Documents\Alja.rtf
[2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/09 16:09:39 | 000,141,824 | -H-- | M] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/09 15:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/09 14:11:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/09 14:11:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/06 15:29:42 | 009,252,277 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:26 | 007,684,905 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:40 | 006,972,276 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:45 | 007,388,161 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:46 | 005,715,808 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:46 | 008,480,021 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:50 | 008,917,827 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:10 | 007,334,812 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:12 | 009,637,767 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:13 | 009,062,013 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:13 | 008,264,757 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 12:31:31 | 001,547,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/04 01:44:19 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/04 01:44:19 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 01:39:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:53 | 000,013,480 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u
[2011/10/19 12:39:27 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

========== Files Created - No Company Name ==========

[2011/11/14 22:09:20 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLounge.lnk
[2011/11/14 22:09:20 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/14 22:09:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/11/14 22:09:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/14 22:09:20 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/14 22:09:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/14 22:09:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2011/11/14 22:09:20 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2011/11/14 22:09:20 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk
[2011/11/14 22:09:20 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/11/14 22:09:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/11/14 22:09:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/14 22:09:19 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:19 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/14 22:09:19 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/14 22:09:17 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/14 22:09:17 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/11/14 22:09:13 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/14 22:09:13 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/14 22:09:13 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/11/14 22:09:13 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011/11/14 22:09:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011/11/14 22:09:13 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe InDesign CS.lnk
[2011/11/14 22:09:12 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/11/14 22:09:12 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/11/14 21:56:18 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/14 21:55:47 | 000,747,008 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/11 14:18:10 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/11 11:19:55 | 012,021,760 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Ad-Aware96Install.msi
[2011/11/11 11:15:25 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/10 23:01:06 | 019,461,595 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\GridinSoft.Trojan.Killer.v2.0.7.4.Incl.Patch.AND.Key.zip
[2011/11/09 23:24:49 | 000,000,296 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~POuTdP5zq0KlvR
[2011/11/09 23:24:49 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~POuTdP5zq0KlvRr
[2011/11/09 23:24:44 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\POuTdP5zq0KlvR
[2011/11/09 23:15:41 | 000,424,792 | -H-- | C] () -- C:\WINDOWS\0.6623914605106059.exe
[2011/11/06 15:29:32 | 009,252,277 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:17 | 007,684,905 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:32 | 006,972,276 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:37 | 007,388,161 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:41 | 005,715,808 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:37 | 008,480,021 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:42 | 008,917,827 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:02 | 007,334,812 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:02 | 009,637,767 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:02 | 009,062,013 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:03 | 008,264,757 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 01:39:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:51 | 000,013,480 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u
[2011/04/23 14:07:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/23 14:07:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/03 14:18:55 | 000,467,968 | ---- | C] () -- C:\WINDOWS\VPro500.exe
[2010/12/13 15:33:36 | 000,000,518 | -H-- | C] () -- C:\WINDOWS\System32\SPC610NC.ini
[2010/12/13 14:18:12 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/12/11 13:48:21 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/11 13:48:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/11 13:48:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/11 13:47:55 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/18 18:27:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/01/09 19:31:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2009/10/29 12:32:20 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/09 11:09:19 | 000,004,767 | -H-- | C] () -- C:\WINDOWS\Irremote.ini
[2009/08/13 23:13:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/08/03 04:58:44 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2009/08/03 03:50:16 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJat.gif
[2009/08/03 03:50:16 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJzn.gif
[2009/08/03 03:50:16 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJby.gif
[2009/06/03 10:50:31 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\273640422.dat
[2009/03/13 12:38:11 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/09 07:37:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2008/12/17 14:11:10 | 000,000,572 | ---- | C] () -- C:\WINDOWS\WT.INI
[2008/12/13 21:48:39 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/16 12:18:07 | 000,000,099 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/01 21:21:09 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008/07/01 21:21:09 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008/07/01 21:21:09 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008/07/01 21:21:09 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008/07/01 21:21:09 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008/07/01 21:21:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008/07/01 21:21:09 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008/07/01 21:21:09 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008/07/01 21:21:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008/07/01 21:21:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008/06/11 10:58:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/11 10:58:12 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/06/11 10:58:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/11 10:58:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/11 10:58:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/10 11:24:12 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/09 16:40:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/09 15:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/08 14:23:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/07 15:24:36 | 000,141,824 | -H-- | C] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/07 00:23:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/07 00:22:06 | 001,547,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/06 22:36:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/06 22:30:10 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/19 23:05:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/19 23:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,436,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,068,796 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/09/05 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/11/14 19:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2008/07/17 16:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/24 12:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/04 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/06/21 22:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/14 23:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/11/28 14:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/03/12 10:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/09/24 11:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/21 02:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2011/10/14 23:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2008/06/17 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/11/07 13:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/15 00:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/03/10 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/02/12 03:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/14 23:59:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009/12/23 15:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/09/03 12:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Acoustica
[2011/11/14 22:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/08/05 15:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\AskToolbar
[2010/02/12 22:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Auslogics
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Babylon
[2011/11/10 22:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\BitTorrent
[2010/12/13 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Carambis
[2011/10/14 23:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Complitly
[2009/09/24 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DriverCure
[2011/08/18 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoft
[2011/08/15 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers
[2011/11/10 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\GetRightToGo
[2010/06/03 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\LimeWire
[2008/06/09 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\MSNInstaller
[2009/03/12 10:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\NCH Swift Sound
[2008/10/03 12:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Opera
[2008/06/18 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Propellerhead Software
[2010/12/11 13:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\SystemRequirementsLab
[2011/10/15 01:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Systweak
[2011/10/15 00:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\TuneUp Software
[2011/10/10 17:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Uniblue
[2009/09/05 20:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2011/10/09 20:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\BitTorrent
[2008/06/11 20:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\Canon
[2008/07/07 22:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\CoSoSys
[2011/10/09 20:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\DNA
[2009/03/17 13:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\Foxit
[2009/07/14 15:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\LimeWire
[2008/09/19 21:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\Opera
[2008/06/17 21:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\Propellerhead Software
[2008/12/13 21:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\Research In Motion
[2008/07/20 08:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jud\Application Data\TuneUp Software
[2011/10/22 00:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/11/14 19:35:49 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/11/14 19:29:34 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2011/11/11 15:02:18 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
[2011/10/15 01:37:43 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
[2011/11/14 23:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/11/14 23:29:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/14 23:18:34 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Will wait for the next steps when you reply!
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you re-run RogueKiller one more time after the OTL fix with option 6 to see if we can recover the last few files/folders

Once done can you let me know what problems are remaining

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..keyword.URL: "http://search.babylo....10&affID=8346"
    [2009/06/18 19:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/10/14 22:50:59 | 000,002,286 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2010/02/26 20:55:59 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
    [2010/02/26 20:55:59 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\andro\Application Data\Complitly\Complitly.dll (SimplyGen)
    O3 - HKU\S-1-5-21-1935655697-1972579041-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2011/11/10 23:02:57 | 019,461,595 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\GridinSoft.Trojan.Killer.v2.0.7.4.Incl.Patch.AND.Key.zip
    [2011/11/09 23:26:29 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\POuTdP5zq0KlvR
    [2011/11/09 23:24:49 | 000,000,296 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~POuTdP5zq0KlvR
    [2011/11/09 23:24:49 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~POuTdP5zq0KlvRr
    [2011/11/09 23:24:47 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/11/09 23:15:45 | 000,424,792 | -H-- | M] () -- C:\WINDOWS\0.6623914605106059.exe
    [2011/11/14 22:09:20 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2009/08/03 03:50:16 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJat.gif
    [2009/08/03 03:50:16 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJzn.gif
    [2009/08/03 03:50:16 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\fSAw0BYJby.gif
    [2009/06/03 10:50:31 | 000,000,032 | --S- | C] () -- C:\WINDOWS\System32\273640422.dat

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Re-run Roguekiller option 6

FINALLY

Update and run Malwarebytes posting the resultant log
  • 0

#5
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
I followed your instructions and here are the results...

RK report 3


RogueKiller V6.1.8 [11/14/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: andro [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/15/2011 22:59:43

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 21 / Fail 4
My documents: Success 0 / Fail 3
My favorites: Success 0 / Fail 1
My pictures: Success 0 / Fail 1
My music: Success 0 / Fail 1
My videos: Success 0 / Fail 0
Local drives: Success 17 / Fail 4
Backup: [FOUND] Success 4 / Fail 301

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+6 -- 0x2 --> Restored
[F:] \Device\Harddisk2\DP(1)0-0+7 -- 0x2 --> Restored
[G:] \Device\Harddisk3\DP(1)0-0+8 -- 0x2 --> Restored
[H:] \Device\Harddisk4\DP(1)0-0+9 -- 0x2 --> Restored

¤¤¤ Infection : Fake HDD ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

---------------------------------------------------------------------------------------------------------------------------------

OTL report

OTL logfile created on: 11/15/2011 23:13:21 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\andro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: M/d/yyyy

2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 52,29% Memory free
3,85 Gb Paging File | 3,07 Gb Available in Paging File | 79,86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 131,08 Gb Free Space | 56,29% Space Free | Partition Type: NTFS

Computer Name: JUD-03F4AE0B207 | User Name: andro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 23:19:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
PRC - [2011/11/09 23:19:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/09 16:35:10 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/27 11:18:14 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2009/03/05 15:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 11:17:32 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/11/09 23:19:41 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/09 16:35:12 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/09 16:35:12 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/09 16:35:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ekrn)
SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
SRV - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009/02/15 22:01:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011/11/15 23:00:52 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/09 16:35:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/11 14:00:32 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/10 17:43:33 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/29 18:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC610NC)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC500NC)
DRV - [2005/07/12 18:53:20 | 000,007,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=7: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 12:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 23:19:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 00:20:15 | 000,000,000 | ---D | M]

[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions
[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions\[email protected]
[2011/10/17 14:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions
[2010/04/27 23:16:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 11:22:35 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/04/30 12:18:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/11 23:48:19 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\[email protected]
[2011/11/15 23:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 23:19:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/07 11:40:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 23:19:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/13 23:48:10 | 000,437,128 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15061 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide....ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A4DC16C-EC4E-4C90-9FDA-18354A1D5250}: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/06 22:34:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 23:03:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/15 22:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2011/11/14 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\RK_Quarantine
[2011/11/11 11:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Local Settings\Application Data\adaware
[2011/11/11 11:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/11/11 11:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/11/11 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/11/11 11:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/11/11 11:15:24 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/11 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/11/10 23:19:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/10 21:14:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\andro\Recent
[2011/11/10 21:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/09 23:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Start Menu\Programs\System Restore
[2011/11/02 15:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\Programi za popravljanje
[2011/10/22 00:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/10/19 12:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Application Data\Avira
[2011/10/19 12:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/19 12:37:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/19 12:37:22 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/19 12:37:22 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/19 12:37:22 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/19 12:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/19 12:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

========== Files - Modified Within 30 Days ==========

[2011/11/15 23:19:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/15 23:15:48 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job
[2011/11/15 23:10:51 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/15 23:10:23 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/15 23:10:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/15 23:10:05 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/15 23:07:46 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/15 23:07:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 23:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/15 23:00:52 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/15 22:32:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004UA.job
[2011/11/15 20:32:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004Core.job
[2011/11/15 15:02:18 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2011/11/15 13:20:24 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/15 13:20:11 | 000,141,824 | -H-- | M] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/14 21:55:43 | 000,747,008 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/11 11:37:17 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/11 11:22:22 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/10 23:19:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/09 22:53:40 | 000,270,152 | ---- | M] () -- C:\Documents and Settings\andro\My Documents\Alja.rtf
[2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/09 15:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/09 14:11:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/09 14:11:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/06 15:29:42 | 009,252,277 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:26 | 007,684,905 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:40 | 006,972,276 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:45 | 007,388,161 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:46 | 005,715,808 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:46 | 008,480,021 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:50 | 008,917,827 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:10 | 007,334,812 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:12 | 009,637,767 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:13 | 009,062,013 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:13 | 008,264,757 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 12:31:31 | 001,547,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/04 01:44:19 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/04 01:44:19 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 01:39:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:53 | 000,013,480 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u
[2011/10/19 12:39:27 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

========== Files Created - No Company Name ==========

[2011/11/15 22:57:20 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2011/11/15 22:57:20 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2011/11/14 22:09:20 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLounge.lnk
[2011/11/14 22:09:20 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/14 22:09:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/11/14 22:09:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/14 22:09:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/14 22:09:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk
[2011/11/14 22:09:20 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/11/14 22:09:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/11/14 22:09:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/14 22:09:19 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:19 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/14 22:09:19 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/14 22:09:17 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/14 22:09:17 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/11/14 22:09:13 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/14 22:09:13 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/14 22:09:13 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/11/14 22:09:13 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011/11/14 22:09:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011/11/14 22:09:13 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe InDesign CS.lnk
[2011/11/14 22:09:12 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/11/14 22:09:12 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/11/14 21:56:18 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/14 21:55:47 | 000,747,008 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/11 14:18:10 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/11 11:15:25 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/06 15:29:32 | 009,252,277 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:17 | 007,684,905 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:32 | 006,972,276 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:37 | 007,388,161 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:41 | 005,715,808 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:37 | 008,480,021 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:42 | 008,917,827 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:02 | 007,334,812 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:02 | 009,637,767 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:02 | 009,062,013 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:03 | 008,264,757 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 01:39:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:51 | 000,013,480 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u
[2011/04/23 14:07:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/23 14:07:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/03 14:18:55 | 000,467,968 | ---- | C] () -- C:\WINDOWS\VPro500.exe
[2010/12/13 15:33:36 | 000,000,518 | -H-- | C] () -- C:\WINDOWS\System32\SPC610NC.ini
[2010/12/13 14:18:12 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/12/11 13:48:21 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/11 13:48:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/11 13:48:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/11 13:47:55 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/18 18:27:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/01/09 19:31:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2009/10/29 12:32:20 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/09 11:09:19 | 000,004,767 | -H-- | C] () -- C:\WINDOWS\Irremote.ini
[2009/08/13 23:13:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/08/03 04:58:44 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2009/03/13 12:38:11 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/09 07:37:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2008/12/17 14:11:10 | 000,000,572 | ---- | C] () -- C:\WINDOWS\WT.INI
[2008/12/13 21:48:39 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/16 12:18:07 | 000,000,099 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/01 21:21:09 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008/07/01 21:21:09 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008/07/01 21:21:09 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008/07/01 21:21:09 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008/07/01 21:21:09 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008/07/01 21:21:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008/07/01 21:21:09 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008/07/01 21:21:09 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008/07/01 21:21:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008/07/01 21:21:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008/06/11 10:58:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/11 10:58:12 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/06/11 10:58:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/11 10:58:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/11 10:58:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/10 11:24:12 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/09 16:40:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/09 15:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/08 14:23:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/07 15:24:36 | 000,141,824 | -H-- | C] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/07 00:23:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/07 00:22:06 | 001,547,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/06 22:36:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/06 22:30:10 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/19 23:05:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/19 23:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,436,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,068,796 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/11/14 19:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2008/07/17 16:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/24 12:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/04 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/06/21 22:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/14 23:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/11/28 14:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/03/12 10:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/09/24 11:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/21 02:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2011/10/14 23:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2008/06/17 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/11/15 13:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/15 00:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/03/10 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/02/12 03:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/14 23:59:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009/12/23 15:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/09/03 12:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Acoustica
[2011/11/14 22:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/08/05 15:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\AskToolbar
[2010/02/12 22:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Auslogics
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Babylon
[2011/11/10 22:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\BitTorrent
[2010/12/13 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Carambis
[2011/10/14 23:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Complitly
[2009/09/24 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DriverCure
[2011/08/18 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoft
[2011/08/15 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers
[2011/11/10 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\GetRightToGo
[2010/06/03 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\LimeWire
[2008/06/09 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\MSNInstaller
[2009/03/12 10:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\NCH Swift Sound
[2008/10/03 12:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Opera
[2008/06/18 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Propellerhead Software
[2010/12/11 13:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\SystemRequirementsLab
[2011/10/15 01:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Systweak
[2011/10/15 00:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\TuneUp Software
[2011/11/15 23:10:09 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/11/15 15:02:18 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
[2011/10/15 01:37:43 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
[2011/11/15 23:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/11/15 23:19:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/15 23:15:48 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

------------------------------------------------------------------------------------------------------------------------------------------------------

RK report 4

RogueKiller V6.1.8 [11/14/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: andro [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/15/2011 23:27:20

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 13 / Fail 4
My documents: Success 0 / Fail 3
My favorites: Success 0 / Fail 1
My pictures: Success 0 / Fail 1
My music: Success 0 / Fail 1
My videos: Success 0 / Fail 0
Local drives: Success 14 / Fail 4
Backup: [FOUND] Success 1 / Fail 304

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\Harddisk1\DP(1)0-0+6 -- 0x2 --> Restored
[F:] \Device\Harddisk2\DP(1)0-0+7 -- 0x2 --> Restored
[G:] \Device\Harddisk3\DP(1)0-0+8 -- 0x2 --> Restored
[H:] \Device\Harddisk4\DP(1)0-0+9 -- 0x2 --> Restored

¤¤¤ Infection : Fake HDD ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

-----------------------------------------------------------------------------------

MBAM report


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Različica baze: 8170

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2011 23:37:20
mbam-log-2011-11-15 (23-37-20).txt

Tip pregleda: Hitri pregled
Preverjenih objektov: 189911
Pretečen čas: 7 minut, 3 sekund

Okuženih spominskih procesov: 0
Okuženih spominskih modulov: 0
Okuženih ključev registra: 0
Okuženih vrednosti registra: 0
Okuženih vnosov v register: 0
Okuženih map: 0
Okuženih datotek: 2

Okuženih spominskih procesov:
(Ni bilo najdenih zlonamernih objektov)

Okuženih spominskih modulov:
(Ni bilo najdenih zlonamernih objektov)

Okuženih ključev registra:
(Ni bilo najdenih zlonamernih objektov)

Okuženih vrednosti registra:
(Ni bilo najdenih zlonamernih objektov)

Okuženih vnosov v register:
(Ni bilo najdenih zlonamernih objektov)

Okuženih map:
(Ni bilo najdenih zlonamernih objektov)

Okuženih datotek:
c:\documents and settings\andro\local settings\temporary internet files\Content.IE5\MVQ2BKU4\gridinsoft.trojan.killer.2.0.8.6.keygen[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\andro\local settings\temporary internet files\Content.IE5\VHC4S44U\gridinsoft.trojan.killer.2.0.8.6.crack[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know what problems remain please
  • 0

#7
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
Sorry I forgot to add that=)

I miss some folders and contents in them like music, pictures, desktop.ini, Config.Msi, RECYCLER, System Volume Information, boot.ini, AUTOEXEC.BAT, CONFIG.SYS, few word documents and others.... I can see all those folders but they look blurred ( I see only outlines) !

During the Malwarebytes scan Avira warned me with sign Malware found...here are these events

Exported events:

11/15/2011 23:37 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Fraud.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\andro\Local Settings\Temporary
Internet
Files\Content.IE5\VHC4S44U\GridinSoft.Trojan.Killer.2.0.8.6.Crack[1].exe.
Action performed: Deny access

11/15/2011 23:37 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Fraud.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\andro\Local Settings\Temporary
Internet
Files\Content.IE5\MVQ2BKU4\GridinSoft.Trojan.Killer.2.0.8.6.Keygen[1].exe.
Action performed: Deny access

11/15/2011 23:37 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Fraud.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\andro\Local Settings\Temporary
Internet
Files\Content.IE5\MVQ2BKU4\GridinSoft.Trojan.Killer.2.0.8.6.Keygen[1].exe.
Action performed: Deny access

11/15/2011 23:37 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Fraud.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\andro\Local Settings\Temporary
Internet
Files\Content.IE5\VHC4S44U\GridinSoft.Trojan.Killer.2.0.8.6.Crack[1].exe.
Action performed: Deny access

11/15/2011 23:34 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Fraud.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\andro\Local Settings\Temporary
Internet
Files\Content.IE5\VHC4S44U\GridinSoft.Trojan.Killer.2.0.8.6.Crack[1].exe.
Action performed: Deny access

11/15/2011 23:33 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Fraud.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\andro\Local Settings\Temporary
Internet
Files\Content.IE5\MVQ2BKU4\GridinSoft.Trojan.Killer.2.0.8.6.Keygen[1].exe.
Action performed: Deny access

11/15/2011 23:33 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Fraud.Gen2 [trojan]'
detected in file 'C:\Documents and Settings\andro\Local Settings\Temporary
Internet
Files\Content.IE5\MVQ2BKU4\GridinSoft.Trojan.Killer.2.0.8.6.Keygen[1].exe.
Action performed: Deny access

11/15/2011 23:32 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\andro\Local
Settings\temp\Rar$EX16.031\trojankiller-setup.exe.
Action performed: Deny access

11/15/2011 23:32 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\andro\Local
Settings\temp\Rar$EX13.703\trojankiller-setup.exe.
Action performed: Deny access

11/15/2011 23:32 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\andro\Local
Settings\temp\Rar$EX04.828\trojankiller-setup.exe.
Action performed: Deny access

11/15/2011 23:32 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\andro\Local
Settings\temp\Rar$EX03.671\trojankiller-setup.exe.
Action performed: Deny access

11/15/2011 23:32 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\andro\Local
Settings\temp\Rar$EX02.625\trojankiller-setup.exe.
Action performed: Deny access

11/15/2011 23:32 [Realtime Protection] Malware found
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Documents and Settings\andro\Local
Settings\temp\Rar$EX00.671\trojankiller-setup.exe.
Action performed: Deny access
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
They are in the temporary folder, which I have refrained from emptying until such time as we get the folders back

Lets try one more programme to reinstate themm

Download & Run Unhide

Unhide.exe
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

If Unhide does not work, try running it again.

Once done could you run a fresh OTL log for me please
  • 0

#9
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
I run Unhide...it managed to show most folders but some are still hidden.

When this tool was running Avira came with message again> Malware found Realtime protection detected 3 viruses or unwanted programs.Access was denied.

Here is OTL log

OTL logfile created on: 11/16/2011 22:51:09 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\andro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: M/d/yyyy

2,00 Gb Total Physical Memory | 0,39 Gb Available Physical Memory | 19,31% Memory free
3,85 Gb Paging File | 2,38 Gb Available in Paging File | 61,98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 131,06 Gb Free Space | 56,28% Space Free | Partition Type: NTFS

Computer Name: JUD-03F4AE0B207 | User Name: andro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 23:19:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
PRC - [2011/11/09 23:19:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/09 16:35:10 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/24 15:42:24 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\andro\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/10/13 11:45:15 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_Plugin.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/27 11:18:14 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2009/03/05 15:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 11:17:32 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/11/09 23:19:41 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/09 16:35:12 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/09 16:35:12 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/09 16:35:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/13 11:45:15 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/22 20:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
MOD - [2008/04/14 01:12:42 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/14 01:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/29 16:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mmfinfo.dll
MOD - [2008/03/29 16:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2007/03/11 00:10:14 | 000,958,464 | ---- | M] () -- C:\Program Files\DirectVobSub\VSFilter.dll
MOD - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ekrn)
SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
SRV - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009/02/15 22:01:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011/11/15 23:27:57 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/09 16:35:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/11 14:00:32 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/10 17:43:33 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/29 18:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC610NC)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC500NC)
DRV - [2005/07/12 18:53:20 | 000,007,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=7: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 12:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 23:19:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 00:20:15 | 000,000,000 | ---D | M]

[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions
[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions\[email protected]
[2011/10/17 14:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions
[2010/04/27 23:16:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 11:22:35 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/04/30 12:18:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/11 23:48:19 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\[email protected]
[2011/11/15 23:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 23:19:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/07 11:40:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 23:19:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/13 23:48:10 | 000,437,128 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15061 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide....ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A4DC16C-EC4E-4C90-9FDA-18354A1D5250}: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/06 22:34:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/15 23:03:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/15 22:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2011/11/14 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\RK_Quarantine
[2011/11/11 11:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Local Settings\Application Data\adaware
[2011/11/11 11:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/11/11 11:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/11/11 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/11/11 11:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/11/11 11:15:24 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/11 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/11/10 23:19:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/10 21:14:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\andro\Recent
[2011/11/10 21:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/09 23:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Start Menu\Programs\System Restore
[2011/11/02 15:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\Programi za popravljanje
[2011/10/22 00:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/10/19 12:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Application Data\Avira
[2011/10/19 12:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/19 12:37:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/19 12:37:22 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/19 12:37:22 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/19 12:37:22 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/19 12:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/19 12:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

========== Files - Modified Within 30 Days ==========

[2011/11/16 23:19:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/16 23:15:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job
[2011/11/16 23:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/16 22:32:02 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004UA.job
[2011/11/16 21:47:52 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\unhide.exe
[2011/11/16 20:32:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004Core.job
[2011/11/16 15:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/16 15:02:14 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2011/11/16 13:14:20 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/16 13:13:52 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/16 13:13:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/16 13:13:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/16 13:11:14 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/16 13:11:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/16 00:34:50 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/16 00:34:46 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/15 23:27:57 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/14 21:55:43 | 000,747,008 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/11 11:37:17 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/10 23:19:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/09 23:24:47 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/09 22:53:40 | 000,270,152 | ---- | M] () -- C:\Documents and Settings\andro\My Documents\Alja.rtf
[2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/09 14:11:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/09 14:11:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/06 15:29:42 | 009,252,277 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:26 | 007,684,905 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:40 | 006,972,276 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:45 | 007,388,161 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:46 | 005,715,808 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:46 | 008,480,021 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:50 | 008,917,827 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:10 | 007,334,812 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:12 | 009,637,767 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:13 | 009,062,013 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:13 | 008,264,757 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 12:31:31 | 001,547,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/04 01:44:19 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/04 01:44:19 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 01:39:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:53 | 000,013,480 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u
[2011/10/19 12:39:27 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk

========== Files Created - No Company Name ==========

[2011/11/16 22:36:20 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2011/11/16 21:47:53 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\unhide.exe
[2011/11/15 23:25:16 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/15 22:57:20 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2011/11/14 22:09:20 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLounge.lnk
[2011/11/14 22:09:20 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/14 22:09:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/11/14 22:09:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/14 22:09:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/14 22:09:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk
[2011/11/14 22:09:20 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/11/14 22:09:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/11/14 22:09:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/14 22:09:19 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:19 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/14 22:09:19 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/14 22:09:17 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/14 22:09:17 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/11/14 22:09:13 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/14 22:09:13 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/14 22:09:13 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/11/14 22:09:13 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011/11/14 22:09:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011/11/14 22:09:13 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe InDesign CS.lnk
[2011/11/14 22:09:12 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/11/14 22:09:12 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/11/14 21:56:18 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/14 21:55:47 | 000,747,008 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/11 14:18:10 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/11 11:15:25 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/06 15:29:32 | 009,252,277 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:17 | 007,684,905 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:32 | 006,972,276 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:37 | 007,388,161 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:41 | 005,715,808 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:37 | 008,480,021 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:42 | 008,917,827 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:02 | 007,334,812 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:02 | 009,637,767 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:02 | 009,062,013 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:03 | 008,264,757 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 01:39:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:51 | 000,013,480 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u
[2011/04/23 14:07:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/23 14:07:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/03 14:18:55 | 000,467,968 | ---- | C] () -- C:\WINDOWS\VPro500.exe
[2010/12/13 15:33:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SPC610NC.ini
[2010/12/13 14:18:12 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/12/11 13:48:21 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/11 13:48:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/11 13:48:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/11 13:47:55 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/18 18:27:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/01/09 19:31:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2009/10/29 12:32:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/09 11:09:19 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/08/13 23:13:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/08/03 04:58:44 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2009/03/13 12:38:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/09 07:37:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2008/12/17 14:11:10 | 000,000,572 | ---- | C] () -- C:\WINDOWS\WT.INI
[2008/12/13 21:48:39 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/16 12:18:07 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/01 21:21:09 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008/07/01 21:21:09 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008/07/01 21:21:09 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008/07/01 21:21:09 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008/07/01 21:21:09 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008/07/01 21:21:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008/07/01 21:21:09 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008/07/01 21:21:09 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008/07/01 21:21:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008/07/01 21:21:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008/06/11 10:58:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/11 10:58:12 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/06/11 10:58:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/11 10:58:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/11 10:58:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/10 11:24:12 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/09 16:40:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/09 15:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/08 14:23:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/07 15:24:36 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/07 00:23:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/07 00:22:06 | 001,547,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/06 22:36:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/06 22:30:10 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/19 23:05:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/19 23:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,436,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,068,796 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/11/14 19:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2008/07/17 16:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/24 12:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/04 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/06/21 22:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/14 23:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/11/28 14:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/03/12 10:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/09/24 11:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/21 02:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2011/10/14 23:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2008/06/17 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/11/15 13:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/15 00:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/03/10 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/02/12 03:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/14 23:59:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009/12/23 15:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/09/03 12:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Acoustica
[2011/11/14 22:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/08/05 15:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\AskToolbar
[2010/02/12 22:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Auslogics
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Babylon
[2011/11/10 22:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\BitTorrent
[2010/12/13 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Carambis
[2011/10/14 23:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Complitly
[2009/09/24 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DriverCure
[2011/08/18 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoft
[2011/08/15 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers
[2011/11/10 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\GetRightToGo
[2010/06/03 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\LimeWire
[2008/06/09 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\MSNInstaller
[2009/03/12 10:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\NCH Swift Sound
[2008/10/03 12:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Opera
[2008/06/18 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Propellerhead Software
[2010/12/11 13:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\SystemRequirementsLab
[2011/10/15 01:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Systweak
[2011/10/15 00:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\TuneUp Software
[2011/11/16 13:13:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/11/16 15:02:14 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
[2011/10/15 01:37:43 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
[2011/11/16 23:01:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/11/16 23:19:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/16 23:15:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see if we can recover the rest

Restore Accessories Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image


Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool here.

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image


This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder
Download the repair.vbs file to your destop
Run the repair.vbs
It will ask for a folder name call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu

Posted Image


Posted Image
  • 0

Advertisements


#11
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
I did as you wrote...

One question here>this Recovery folder contains only Program files...what about others like on Local Disk (C:)? I attached a screenshot that you will see what I'm talking about!

Attached Thumbnails

  • Hidden files&folders.JPG

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try a different route and see if we can get them back that way

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C


    :Commands
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#13
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
A few seconds later after I clicked Run fix OTL window appeared with this message...
Access violation at address 0040295B in module OTL.exe. Read of address 001EB000.
This happened while OTL was creating a Restore Point. When I saw that program is not responding I closed OTL and run it again. I also closed Mozilla&MSN Messenger. I tried again and this time with success. Was there anything wrong in running process when this tool was doing its work first time ( was that because of running Mozilla&MSN at the same time) or was that because of infection?

Here is another problem...
Last night Malwarebytes warned me two times that it detected and blocked malicious process and gave me three options...Disable protection; Ignore; Quarantine...
Of course I clicked Quarantine!

Those two detections are:
1. C:\WINDOWS\0.182457117160722.exe
2. C:\WINDOWS\0.995837759566659.exe

Infection in both cases is Trojan.FakeAlert

OTL log

OTL logfile created on: 11/18/2011 14:03:21 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\andro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: M/d/yyyy

2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 49,14% Memory free
3,85 Gb Paging File | 3,04 Gb Available in Paging File | 78,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 131,02 Gb Free Space | 56,26% Space Free | Partition Type: NTFS

Computer Name: JUD-03F4AE0B207 | User Name: andro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 23:19:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
PRC - [2011/11/09 23:19:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/09 16:35:10 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/27 11:18:14 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2009/03/05 15:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 11:17:32 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/11/09 23:19:41 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/09 16:35:12 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/09 16:35:12 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/09 16:35:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/29 16:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mmfinfo.dll
MOD - [2008/03/29 16:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ekrn)
SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
SRV - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009/02/15 22:01:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011/11/15 23:27:57 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/09 16:35:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/11 14:00:32 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/10 17:43:33 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/29 18:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC610NC)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC500NC)
DRV - [2005/07/12 18:53:20 | 000,007,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=7: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 12:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 23:19:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 00:20:15 | 000,000,000 | ---D | M]

[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions
[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions\[email protected]
[2011/10/17 14:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions
[2010/04/27 23:16:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 11:22:35 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/04/30 12:18:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/11 23:48:19 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\[email protected]
[2011/11/15 23:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 23:19:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/07 11:40:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 23:19:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/13 23:48:10 | 000,437,128 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15061 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide....ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A4DC16C-EC4E-4C90-9FDA-18354A1D5250}: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/06 22:34:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 23:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\Recovery
[2011/11/15 23:03:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/15 22:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2011/11/14 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\RK_Quarantine
[2011/11/11 11:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Local Settings\Application Data\adaware
[2011/11/11 11:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/11/11 11:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/11/11 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/11/11 11:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/11/11 11:15:24 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/11 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/11/10 23:19:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/10 21:14:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\andro\Recent
[2011/11/10 21:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/09 23:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Start Menu\Programs\System Restore
[2011/11/02 15:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\Programi za popravljanje
[2011/10/22 00:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software

========== Files - Modified Within 30 Days ==========

[2011/11/18 14:14:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/18 14:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/18 14:00:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/18 14:00:13 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job
[2011/11/18 14:00:12 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/18 13:59:48 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/18 13:59:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/18 13:57:37 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/18 13:57:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/18 13:33:23 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/18 13:33:23 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/18 13:32:03 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004UA.job
[2011/11/17 17:11:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/17 15:59:51 | 000,107,844 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Hidden files&folders.JPG
[2011/11/17 15:02:18 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2011/11/17 00:05:30 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/16 23:44:38 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Repair.vbs
[2011/11/16 23:42:41 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Windows XP Tips - Ramesh.url
[2011/11/16 23:41:29 | 000,007,252 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\admintools.zip
[2011/11/16 23:38:58 | 000,014,797 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\accrestore.zip
[2011/11/16 21:47:52 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\unhide.exe
[2011/11/16 20:32:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004Core.job
[2011/11/16 15:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/15 23:27:57 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/14 21:55:43 | 000,747,008 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/11 11:37:17 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/10 23:19:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/09 23:24:47 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/09 22:53:40 | 000,270,152 | ---- | M] () -- C:\Documents and Settings\andro\My Documents\Alja.rtf
[2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/06 15:29:42 | 009,252,277 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:26 | 007,684,905 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:40 | 006,972,276 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:45 | 007,388,161 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:46 | 005,715,808 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:46 | 008,480,021 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:50 | 008,917,827 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:10 | 007,334,812 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:12 | 009,637,767 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:13 | 009,062,013 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:13 | 008,264,757 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 12:31:31 | 001,547,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/04 01:44:19 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/04 01:44:19 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 01:39:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:53 | 000,013,480 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u

========== Files Created - No Company Name ==========

[2011/11/17 15:59:51 | 000,107,844 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Hidden files&folders.JPG
[2011/11/16 23:44:40 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Repair.vbs
[2011/11/16 23:42:41 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Windows XP Tips - Ramesh.url
[2011/11/16 23:42:05 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\AdminTools.exe
[2011/11/16 23:41:31 | 000,007,252 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\admintools.zip
[2011/11/16 23:39:58 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\AccRestore.exe
[2011/11/16 23:39:01 | 000,014,797 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\accrestore.zip
[2011/11/16 22:36:20 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2011/11/16 21:47:53 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\unhide.exe
[2011/11/15 23:25:16 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/15 22:57:20 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2011/11/14 22:09:20 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLounge.lnk
[2011/11/14 22:09:20 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/14 22:09:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/11/14 22:09:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/14 22:09:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/14 22:09:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk
[2011/11/14 22:09:20 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/11/14 22:09:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/11/14 22:09:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/14 22:09:19 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:19 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/14 22:09:19 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/14 22:09:17 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/14 22:09:17 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/11/14 22:09:13 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/14 22:09:13 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/14 22:09:13 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/11/14 22:09:13 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011/11/14 22:09:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011/11/14 22:09:13 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe InDesign CS.lnk
[2011/11/14 22:09:12 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/11/14 22:09:12 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/11/14 21:56:18 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/14 21:55:47 | 000,747,008 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/11 14:18:10 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/11 11:15:25 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/06 15:29:32 | 009,252,277 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:17 | 007,684,905 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:32 | 006,972,276 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:37 | 007,388,161 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:41 | 005,715,808 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:37 | 008,480,021 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:42 | 008,917,827 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:02 | 007,334,812 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:02 | 009,637,767 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:02 | 009,062,013 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:03 | 008,264,757 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 01:39:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:51 | 000,013,480 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u
[2011/04/23 14:07:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/23 14:07:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/03 14:18:55 | 000,467,968 | ---- | C] () -- C:\WINDOWS\VPro500.exe
[2010/12/13 15:33:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SPC610NC.ini
[2010/12/13 14:18:12 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/12/11 13:48:21 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/11 13:48:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/11 13:48:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/11 13:47:55 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/18 18:27:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/01/09 19:31:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2009/10/29 12:32:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/09 11:09:19 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/08/13 23:13:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/08/03 04:58:44 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2009/03/13 12:38:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/09 07:37:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2008/12/17 14:11:10 | 000,000,572 | ---- | C] () -- C:\WINDOWS\WT.INI
[2008/12/13 21:48:39 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/16 12:18:07 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/01 21:21:09 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008/07/01 21:21:09 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008/07/01 21:21:09 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008/07/01 21:21:09 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008/07/01 21:21:09 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008/07/01 21:21:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008/07/01 21:21:09 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008/07/01 21:21:09 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008/07/01 21:21:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008/07/01 21:21:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008/06/11 10:58:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/11 10:58:12 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/06/11 10:58:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/11 10:58:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/11 10:58:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/10 11:24:12 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/09 16:40:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/09 15:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/08 14:23:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/07 15:24:36 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/07 00:23:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/07 00:22:06 | 001,547,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/06 22:36:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/06 22:30:10 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/19 23:05:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/19 23:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,436,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,068,796 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/11/14 19:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2008/07/17 16:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/24 12:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/04 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/06/21 22:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/14 23:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/11/28 14:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/03/12 10:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/09/24 11:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/21 02:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2011/10/14 23:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2008/06/17 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/11/15 13:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/15 00:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/03/10 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/02/12 03:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/14 23:59:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009/12/23 15:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/09/03 12:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Acoustica
[2011/11/14 22:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/08/05 15:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\AskToolbar
[2010/02/12 22:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Auslogics
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Babylon
[2011/11/10 22:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\BitTorrent
[2010/12/13 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Carambis
[2011/10/14 23:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Complitly
[2009/09/24 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DriverCure
[2011/08/18 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoft
[2011/08/15 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers
[2011/11/10 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\GetRightToGo
[2010/06/03 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\LimeWire
[2008/06/09 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\MSNInstaller
[2009/03/12 10:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\NCH Swift Sound
[2008/10/03 12:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Opera
[2008/06/18 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Propellerhead Software
[2010/12/11 13:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\SystemRequirementsLab
[2011/10/15 01:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Systweak
[2011/10/15 00:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\TuneUp Software
[2011/11/18 13:59:48 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/11/17 15:02:18 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
[2011/10/15 01:37:43 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
[2011/11/18 14:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/11/18 14:14:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/18 14:00:13 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK methinks I need a stronger tool now as those were not present on your last OTL log

Download and Install Combofix allow combofix to install the recovery console

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#15
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 153 posts
Combofix was successfully run & deleted infected files without any problems...

ComboFix 11-11-18.02 - andro 11/18/2011 23:05:16.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1387 [GMT 1:00]
Running from: c:\documents and settings\andro\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\andro\Application Data\Help\flamiks32.exe
c:\documents and settings\andro\Start Menu\Programs\System Restore
c:\documents and settings\andro\WINDOWS
c:\windows\system32\ndisapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 21:51 . 2011-11-18 21:51 -------- d-----w- C:\avrescue
2011-11-15 22:03 . 2011-11-15 22:03 -------- d-----w- C:\_OTL
2011-11-14 20:56 . 2011-11-15 22:27 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-11 13:18 . 2011-11-11 10:37 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-11 10:22 . 2011-11-11 10:22 -------- d-----w- c:\documents and settings\andro\Local Settings\Application Data\adaware
2011-11-11 10:22 . 2011-11-14 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2011-11-11 10:22 . 2011-11-11 10:22 -------- d-----w- c:\program files\Toolbar Cleaner
2011-11-11 10:22 . 2011-11-14 21:07 -------- d-----w- c:\documents and settings\andro\Application Data\adawaretb
2011-11-11 10:22 . 2011-11-11 10:22 -------- d-----w- c:\program files\adawaretb
2011-11-11 10:15 . 2011-11-09 15:35 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-10 20:11 . 2011-11-10 22:07 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-10-21 23:56 . 2011-10-21 23:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-17 01:28 . 2011-05-17 13:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-19 11:37 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-19 11:37 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-19 11:37 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-10 16:43 . 2010-02-18 17:26 6108776 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-10-10 16:43 . 2010-02-18 17:26 1489512 ----a-w- c:\windows\RtlUpd.exe
2011-10-07 23:55 . 2011-10-07 23:55 3584 ----a-r- c:\documents and settings\andro\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-09-27 10:19 . 2011-10-14 23:00 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-09-26 10:41 . 2008-07-29 17:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 15:00 . 2009-08-05 11:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-09 22:19 . 2011-05-07 10:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-06-25 10:30 1491928 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-06-25 1491928]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-06-25 1491928]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRealMode"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\andro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
"Microsoft Office Outlook"=c:\progra~1\MICROS~2\OFFICE11\OUTLOOK.EXE /recycle
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"SPC500NC_Monitor"=c:\windows\Philips\SPC500NC\Monitor.exe
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"mW[ķµˆÖ¾`=µś¾˜v%S8’’Łźé>grl>­Ż\†Š=ŸąŪ±Ž"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\andro\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\andro\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\andro\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/11/2011 11:15 64512]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/19/2011 12:37 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2011 12:37 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/19/2011 12:37 463824]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/5/2009 12:32 366152]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [9/27/2011 11:15 1526080]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [8/3/2009 4:58 7808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/5/2009 12:32 22216]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 18:27 10064]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/9/2011 16:35 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/9/2011 16:35 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SPC500NC;SPC 500NC Laptop Camera;c:\windows\system32\drivers\SPC610NC.SYS [1/3/2011 14:18 409728]
S3 SPC610NC;Philips SPC500NC Webcam;c:\windows\system32\drivers\SPC610NC.SYS [1/3/2011 14:18 409728]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [11/14/2011 21:56 111872]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-09 15:35]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004Core.job
- c:\documents and settings\andro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 13:22]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004UA.job
- c:\documents and settings\andro\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 13:22]
.
2011-11-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-11-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-11-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-11-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-11-18 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-10-15 11:26]
.
2011-10-15 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2011-10-15 11:26]
.
2011-11-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-06-25 10:30]
.
2011-11-18 c:\windows\Tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
2011-11-18 c:\windows\Tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 84.255.209.79 84.255.210.79
FF - ProfilePath - c:\documents and settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-18 23:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-18 23:19:00
ComboFix-quarantined-files.txt 2011-11-18 22:18
.
Pre-Run: 140.828.450.816 bytes free
Post-Run: 140.967.366.656 bytes free
.
- - End Of File - - 8D5CCA359F5E4A3D930A93BBB525CF76



My computer is running ok at the moment but I still think we didn't destroy all infections...
Some folders are still hidden (like System Volume Infromation) and I get Avira warnings from time to time!

Here are these warnings from last two days

Type: File
Source: C:\Documents and Settings\andro\Application Data\Sun\Java\Deployment\cache\6.0\24\79f18c98-12f9b814
Status: Infected
Quarantine object: 226bea5b.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.116
Virus definition file: 7.11.17.231
Detection: TR/Dropper.Gen2
Date/Time: 11/19/2011, 8:23


Type: File
Source: C:\Documents and Settings\andro\Application Data\Sun\Java\Deployment\cache\6.0\44\3b6f60ac-1aa556ed
Status: Infected
Quarantine object: 663fc73a.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.116
Virus definition file: 7.11.17.231
Detection: EXP/CVE-2010-0840.FH
Date/Time: 11/19/2011, 8:23


Type: File
Source: C:\Documents and Settings\andro\Application Data\Sun\Java\Deployment\cache\6.0\54\28d2bab6-4d8b957c
Status: Infected
Quarantine object: 01de88a6.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.116
Virus definition file: 7.11.17.231
Detection: TR/Dropper.Gen2
Date/Time: 11/19/2011, 8:23


Type: File
Source: C:\System Volume Information\_restore{6AEB1218-0035-414B-90B4-49F6EC671704}\RP58\A0015310.exe
Status: Infected
Quarantine object: 4acafde2.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.116
Virus definition file: 7.11.17.231
Detection: TR/Crypt.XPACK.Gen
Date/Time: 11/19/2011, 8:23


Type: File
Source: C:\System Volume Information\_restore{6AEB1218-0035-414B-90B4-49F6EC671704}\RP51\A0014856.exe
Status: Infected
Quarantine object: 525dd245.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.116
Virus definition file: 7.11.17.231
Detection: TR/Crypt.XPACK.Gen
Date/Time: 11/19/2011, 8:23


Type: File
Source: C:\Documents and Settings\andro\Local Settings\temp\Rar$EX02.625\trojankiller-setup.exe
Status: Infected
Quarantine object: 614f2dbc.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.112
Virus definition file: 7.11.17.218
Detection: TR/Dropper.Gen
Date/Time: 11/18/2011, 20:33


Type: File
Source: C:\Documents and Settings\andro\Local Settings\temp\Rar$EX03.671\trojankiller-setup.exe
Status: Infected
Quarantine object: 0778627c.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.112
Virus definition file: 7.11.17.218
Detection: TR/Dropper.Gen
Date/Time: 11/18/2011, 20:33


Type: File
Source: C:\System Volume Information\_restore{6AEB1218-0035-414B-90B4-49F6EC671704}\RP51\A0014855.exe
Status: Infected
Quarantine object: 4c73174a.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.112
Virus definition file: 7.11.17.218
Detection: TR/Crypt.XPACK.Gen
Date/Time: 11/18/2011, 20:32


Type: File
Source: C:\Documents and Settings\andro\Local Settings\temp\Rar$EX16.031\trojankiller-setup.exe
Status: Infected
Quarantine object: 552738af.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.112
Virus definition file: 7.11.17.218
Detection: TR/Dropper.Gen
Date/Time: 11/18/2011, 20:32


Type: File
Source: C:\Documents and Settings\andro\Local Settings\temp\Rar$EX00.671\trojankiller-setup.exe
Status: Infected
Quarantine object: 4db01705.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.112
Virus definition file: 7.11.17.218
Detection: TR/Dropper.Gen
Date/Time: 11/18/2011, 20:32


Type: File
Source: C:\Documents and Settings\andro\Local Settings\temp\Rar$EX04.828\trojankiller-setup.exe
Status: Infected
Quarantine object: 4db016a8.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.112
Virus definition file: 7.11.17.218
Detection: TR/Dropper.Gen
Date/Time: 11/18/2011, 20:31


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP