
Hack tool, trojan downloader...pc freezes or goes mental [Solved]


  • This topic is locked

#1
Crazy North

  • Member
  • 78 posts
Hi GeeksToGo,

I've recently found that my home desktop computer has malware. When I tried to type something in my browser address window or on Google, bookmarks started opening, or history or whatever. Also when I played a game, there were problems when I pressed certain keys like space, everything would just go crazy leading to the point where I couldn't do anything to stop the madness.

Avast didn't find anything, then I installed Ad-aware and it found Hacker Tool and Trojan Downloader I think. It successfully cleaned it. After that, there weren't any "keyboard going crazy problems" but I often got an NGINX message and couldn't access some pages, which I later read about and found out that it was due to different anti-virus programs that clash between themselves, so I uninstalled Ad-aware.

Unfortunately almost the same thing happened to my computer at work, from which I'm writing to you now. I plugged in my USB that I used at home and not long after that my work laptop went mad, I couldn't type, I couldn't open programs, the computer kept freezing. I installed Ad-aware but it didn't find anything. The problem that I have now is when Windows starts, I try to open Firefox, e.g., and the computer just freezes for no reason and I have to restart it. It doesn't happen every time, but it did happen 3 times in the last few days, which brings me to the conclusion that it has some malware that's giving it problems.

I'm sending you a log for the laptop that I use at work because it's more important to me. Hopefully if you provide me with a solution I can use it on my home PC as well.

Thanks in advance.


OTL logfile created on: 7/24/2012 11:40:57 AM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Petar\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Serbia | Language: SRM | Date Format: d.M.yyyy

1.74 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 31.48% Memory free
3.48 Gb Paging File | 1.75 Gb Available in Paging File | 50.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.80 Gb Total Space | 76.90 Gb Free Space | 78.63% Space Free | Partition Type: NTFS
Drive D: | 200.19 Gb Total Space | 199.35 Gb Free Space | 99.58% Space Free | Partition Type: NTFS
Drive F: | 943.90 Mb Total Space | 0.74 Mb Free Space | 0.08% Space Free | Partition Type: FAT32

Computer Name: PETAR-PC | User Name: Petar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 11:40:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Petar\Desktop\OTL.exe
PRC - [2012/07/19 09:15:04 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/12 11:29:08 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/28 17:41:58 | 002,206,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2012/06/28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2012/06/14 04:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Petar\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/16 18:13:16 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/09/16 18:13:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/20 09:40:10 | 000,091,136 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s
MOD - [2012/07/20 09:40:10 | 000,083,968 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll
MOD - [2012/07/20 09:40:10 | 000,064,512 | ---- | M] () -- C:\Program Files\Winamp\zlib.dll
MOD - [2012/07/20 09:40:10 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\System\timer.w5s
MOD - [2012/07/20 09:40:10 | 000,021,504 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s
MOD - [2012/07/20 09:40:10 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\primo.w5s
MOD - [2012/07/20 09:40:09 | 000,087,552 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s
MOD - [2012/07/20 09:40:09 | 000,084,480 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s
MOD - [2012/07/20 09:40:08 | 000,623,616 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s
MOD - [2012/07/20 09:40:08 | 000,154,624 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s
MOD - [2012/07/20 09:40:08 | 000,044,544 | ---- | M] () -- C:\Program Files\Winamp\System\devices.w5s
MOD - [2012/07/20 09:40:08 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s
MOD - [2012/07/20 09:40:08 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\System\dlmgr.w5s
MOD - [2012/07/20 09:40:08 | 000,016,384 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s
MOD - [2012/07/20 09:40:08 | 000,014,336 | ---- | M] () -- C:\Program Files\Winamp\System\filereader.w5s
MOD - [2012/07/20 09:40:07 | 000,240,640 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll
MOD - [2012/07/20 09:40:07 | 000,174,080 | ---- | M] () -- C:\Program Files\Winamp\System\auth.w5s
MOD - [2012/07/20 09:40:07 | 000,170,496 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_ipod.dll
MOD - [2012/07/20 09:40:07 | 000,118,272 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_p4s.dll
MOD - [2012/07/20 09:40:07 | 000,113,664 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_wifi.dll
MOD - [2012/07/20 09:40:07 | 000,083,456 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_plg.dll
MOD - [2012/07/20 09:40:07 | 000,060,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_android.dll
MOD - [2012/07/20 09:40:07 | 000,053,760 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_usb.dll
MOD - [2012/07/20 09:40:07 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll
MOD - [2012/07/20 09:40:07 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_rg.dll
MOD - [2012/07/20 09:40:07 | 000,032,256 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_transcode.dll
MOD - [2012/07/20 09:40:07 | 000,023,552 | ---- | M] () -- C:\Program Files\Winamp\System\albumart.w5s
MOD - [2012/07/20 09:40:07 | 000,022,528 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_disk.dll
MOD - [2012/07/20 09:40:07 | 000,020,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_njb.dll
MOD - [2012/07/20 09:40:07 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s
MOD - [2012/07/20 09:40:07 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_wave.dll
MOD - [2012/07/20 09:40:06 | 000,313,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wm.dll
MOD - [2012/07/20 09:40:06 | 000,294,912 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_local.dll
MOD - [2012/07/20 09:40:06 | 000,290,816 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll
MOD - [2012/07/20 09:40:06 | 000,253,440 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_vorbis.dll
MOD - [2012/07/20 09:40:06 | 000,249,856 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_devices.dll
MOD - [2012/07/20 09:40:06 | 000,201,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_disc.dll
MOD - [2012/07/20 09:40:06 | 000,164,864 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mod.dll
MOD - [2012/07/20 09:40:06 | 000,124,928 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_online.dll
MOD - [2012/07/20 09:40:06 | 000,109,568 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_midi.dll
MOD - [2012/07/20 09:40:06 | 000,084,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_playlists.dll
MOD - [2012/07/20 09:40:06 | 000,075,264 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_nsv.dll
MOD - [2012/07/20 09:40:06 | 000,072,192 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_dshow.dll
MOD - [2012/07/20 09:40:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flac.dll
MOD - [2012/07/20 09:40:06 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_impex.dll
MOD - [2012/07/20 09:40:06 | 000,052,736 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp4.dll
MOD - [2012/07/20 09:40:06 | 000,052,224 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_history.dll
MOD - [2012/07/20 09:40:06 | 000,049,152 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mkv.dll
MOD - [2012/07/20 09:40:06 | 000,043,008 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flv.dll
MOD - [2012/07/20 09:40:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
MOD - [2012/07/20 09:40:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_autotag.dll
MOD - [2012/07/20 09:40:06 | 000,023,552 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_swf.dll
MOD - [2012/07/20 09:40:06 | 000,016,896 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wave.dll
MOD - [2012/07/20 09:40:06 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_linein.dll
MOD - [2012/07/20 09:40:05 | 001,737,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ff.dll
MOD - [2012/07/20 09:40:05 | 000,340,992 | ---- | M] () -- C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2012/07/20 09:40:05 | 000,318,976 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll
MOD - [2012/07/20 09:40:05 | 000,185,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_jumpex.dll
MOD - [2012/07/20 09:40:05 | 000,102,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_cdda.dll
MOD - [2012/07/20 09:40:05 | 000,068,608 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_avi.dll
MOD - [2012/07/20 09:40:05 | 000,057,344 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_orgler.dll
MOD - [2012/07/20 09:40:05 | 000,028,160 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
MOD - [2012/07/20 09:40:05 | 000,025,600 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_tray.dll
MOD - [2012/07/20 09:40:04 | 000,417,280 | ---- | M] () -- C:\Program Files\Winamp\nsutil.dll
MOD - [2012/07/20 09:40:04 | 000,078,848 | ---- | M] () -- C:\Program Files\Winamp\nde.dll
MOD - [2012/07/20 09:40:03 | 000,253,440 | ---- | M] () -- C:\Program Files\Winamp\libsndfile.dll
MOD - [2012/07/19 09:15:04 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/12 11:29:07 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/07/10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 06:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 06:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Win32 Services (SafeList) ==========

SRV - [2012/07/19 09:15:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/12 11:29:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/16 18:13:16 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/09/16 18:13:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - [2012/07/03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 18:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/06/28 14:52:36 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/03/22 22:44:50 | 000,069,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2011/03/12 03:54:20 | 002,158,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/12/02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/12/02 22:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009/12/02 22:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/12/02 22:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009/12/02 22:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/09/17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-Latn-RS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 76 D5 C6 C5 55 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Petar\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Petar\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/05 11:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 09:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/20 09:39:24 | 000,000,000 | ---D | M]

[2012/06/29 10:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petar\AppData\Roaming\Mozilla\Extensions
[2012/07/23 09:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\1mskwki8.default\extensions
[2012/07/20 10:15:53 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\1mskwki8.default\extensions\[email protected]
[2012/06/29 10:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/05 11:07:04 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\PETAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MSKWKI8.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012/07/19 09:15:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/06/15 00:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Petar\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Petar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Petar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google \u043F\u0440\u0435\u0442\u0440\u0430\u0433\u0430 = C:\Users\Petar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Petar\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Petar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Petar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.150.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{038BBB98-43F3-4A1E-8198-5AD8E39DC59E}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D953264-64BE-4150-AA9E-6F9A801AC72E}: DhcpNameServer = 192.168.150.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 11:39:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Petar\Desktop\OTL.exe
[2012/07/24 10:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/07/23 17:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/07/20 10:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/07/20 10:16:20 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Downloaded Installations
[2012/07/20 10:16:01 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\adawarebp
[2012/07/20 09:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/07/20 09:39:24 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2012/07/20 09:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012/07/20 09:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012/07/20 09:39:07 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Winamp
[2012/07/20 09:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012/07/19 09:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/19 09:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/18 12:50:03 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Microsoft Help
[2012/07/18 12:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/07/16 23:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
[2012/07/16 23:12:00 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\BSplayer Pro
[2012/07/16 23:12:00 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\BSplayer
[2012/07/16 23:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Webteh
[2012/07/13 16:18:36 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Apple Computer
[2012/07/13 16:18:36 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Apple Computer
[2012/07/13 16:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/13 16:18:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/07/13 16:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/13 16:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/13 16:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/07/13 16:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/13 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Apple
[2012/07/13 16:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/07/13 16:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/07/13 16:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/07/13 16:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/07/10 13:53:45 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Paint.NET
[2012/07/10 13:45:16 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\fontconfig
[2012/07/10 13:45:14 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\gegl-0.2
[2012/07/10 13:45:14 | 000,000,000 | ---D | C] -- C:\Users\Petar\.gimp-2.8
[2012/07/10 13:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/07/05 11:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/02 16:43:24 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Adobe
[2012/07/02 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/07/02 16:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/02 16:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/06/29 13:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/06/29 13:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/06/29 13:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/06/29 13:02:46 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\WinRAR
[2012/06/29 13:02:46 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/29 13:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/06/29 13:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/06/29 12:51:31 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/29 12:50:53 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Google
[2012/06/29 12:29:36 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/06/29 11:11:22 | 000,000,000 | R--D | C] -- C:\Users\Petar\Dropbox
[2012/06/29 11:09:59 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/06/29 11:08:57 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Dropbox
[2012/06/29 10:27:31 | 000,018,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/06/29 10:15:07 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/06/29 10:15:06 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/06/29 10:15:03 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/06/29 10:15:02 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/06/29 10:15:01 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/06/29 10:14:59 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/06/29 10:14:03 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/29 10:14:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/29 10:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/29 10:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/29 10:10:45 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Foxit Software
[2012/06/29 10:02:27 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Macromedia
[2012/06/29 10:01:30 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Mozilla
[2012/06/29 10:01:30 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Mozilla
[2012/06/29 10:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/29 09:47:17 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Macromedia
[2012/06/29 09:47:17 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Adobe
[2012/06/29 09:45:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/06/29 09:18:22 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Skype
[2012/06/29 09:18:15 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/06/29 09:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/29 09:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/29 09:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/06/29 09:09:03 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Opera
[2012/06/29 09:09:03 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Opera
[2012/06/29 09:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/06/28 12:34:36 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\SoftGrid Client
[2012/06/28 12:34:35 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\SoftGrid Client
[2012/06/28 12:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/06/28 12:33:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/06/28 12:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/06/28 12:32:42 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\TP
[2012/06/28 12:30:29 | 000,000,000 | ---D | C] -- C:\Users\Petar\Desktop\PETAR OLD
[2012/06/28 12:30:28 | 000,000,000 | ---D | C] -- C:\Users\Petar\Desktop\PEARL PERSONNEL
[2012/06/28 12:30:27 | 000,000,000 | ---D | C] -- C:\Users\Petar\Desktop\GO DIGITAL PETAR
[2012/06/28 12:27:34 | 000,000,000 | R--D | C] -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/28 12:27:34 | 000,000,000 | R--D | C] -- C:\Users\Petar\Searches
[2012/06/28 12:27:34 | 000,000,000 | R--D | C] -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/28 12:27:33 | 000,000,000 | -H-D | C] -- C:\Users\Petar\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/28 12:27:25 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Roaming\Identities
[2012/06/28 12:27:23 | 000,000,000 | R--D | C] -- C:\Users\Petar\Contacts
[2012/06/28 12:27:17 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\VirtualStore
[2012/06/28 12:27:16 | 000,000,000 | --SD | C] -- C:\Users\Petar\AppData\Roaming\Microsoft
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\Videos
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\Saved Games
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\Pictures
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\Music
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\Links
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\Favorites
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\Downloads
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\Documents
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\Desktop
[2012/06/28 12:27:16 | 000,000,000 | R--D | C] -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\AppData\Local\Temporary Internet Files
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\Templates
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\Start Menu
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\SendTo
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\Recent
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\PrintHood
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\NetHood
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\Documents\My Videos
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\Documents\My Pictures
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\Documents\My Music
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\My Documents
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\Local Settings
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\AppData\Local\History
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\Cookies
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\Application Data
[2012/06/28 12:27:16 | 000,000,000 | -HSD | C] -- C:\Users\Petar\AppData\Local\Application Data
[2012/06/28 12:27:16 | 000,000,000 | -H-D | C] -- C:\Users\Petar\AppData
[2012/06/28 12:27:16 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Temp
[2012/06/28 12:27:16 | 000,000,000 | ---D | C] -- C:\Users\Petar\AppData\Local\Microsoft
[2012/06/28 12:25:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/06/27 21:45:00 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/06/27 21:08:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/06/27 20:46:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/06/27 20:45:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/06/27 13:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/06/27 12:33:31 | 002,158,592 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/06/27 12:33:30 | 000,400,544 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2012/06/27 12:33:30 | 000,064,672 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2012/06/27 12:33:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2012/06/27 12:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012/06/27 12:33:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/06/27 12:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/06/27 12:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/06/27 12:31:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Atheros_L1e
[2012/06/27 12:30:20 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012/06/27 12:29:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2012/06/27 12:29:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012/06/27 12:28:55 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012/06/27 12:28:55 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012/06/27 12:28:55 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012/06/27 12:28:55 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll
[2012/06/27 12:28:55 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012/06/27 12:28:55 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012/06/27 12:28:55 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012/06/27 12:28:55 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll
[2012/06/27 12:28:55 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll
[2012/06/27 12:28:54 | 003,296,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012/06/27 12:28:54 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012/06/27 12:28:54 | 001,803,608 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012/06/27 12:28:54 | 001,730,112 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012/06/27 12:28:54 | 001,132,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012/06/27 12:28:54 | 000,962,664 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012/06/27 12:28:54 | 000,901,224 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012/06/27 12:28:54 | 000,448,616 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012/06/27 12:28:54 | 000,429,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012/06/27 12:28:54 | 000,406,120 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012/06/27 12:28:54 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012/06/27 12:28:54 | 000,345,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012/06/27 12:28:54 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012/06/27 12:28:54 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012/06/27 12:28:54 | 000,291,432 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012/06/27 12:28:54 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012/06/27 12:28:54 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012/06/27 12:28:54 | 000,236,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012/06/27 12:28:54 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012/06/27 12:28:54 | 000,224,360 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012/06/27 12:28:54 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012/06/27 12:28:54 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012/06/27 12:28:54 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012/06/27 12:28:54 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012/06/27 12:28:54 | 000,106,600 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012/06/27 12:28:54 | 000,102,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012/06/27 12:28:54 | 000,088,408 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012/06/27 12:28:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012/06/27 12:28:54 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012/06/27 12:28:54 | 000,061,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012/06/27 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/06/27 12:28:53 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/06/27 12:28:51 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012/06/27 12:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/06/27 12:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2012/06/27 12:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/06/27 12:27:57 | 000,000,000 | ---D | C] -- C:\Intel

========== Files - Modified Within 30 Days ==========

[2012/07/24 11:40:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Petar\Desktop\OTL.exe
[2012/07/24 11:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 11:20:54 | 000,017,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 11:20:54 | 000,017,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 11:00:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485599355-1547862124-2018766494-1000UA.job
[2012/07/24 10:44:21 | 000,607,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/24 10:44:21 | 000,103,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/24 10:18:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 10:18:22 | 1400,524,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 10:00:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485599355-1547862124-2018766494-1000Core.job
[2012/07/23 09:53:17 | 000,767,136 | ---- | M] () -- C:\Users\Petar\Desktop\2wweew.png
[2012/07/20 14:59:13 | 000,001,188 | ---- | M] () -- C:\Windows\System32\ServiceConfig.xml
[2012/07/16 23:12:10 | 000,001,108 | ---- | M] () -- C:\Users\Petar\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2012/07/13 16:20:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/13 09:57:25 | 000,002,363 | ---- | M] () -- C:\Users\Petar\Desktop\Google Chrome.lnk
[2012/07/12 09:04:37 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/10 13:55:10 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/07/05 11:17:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/05 10:32:49 | 000,001,104 | ---- | M] () -- C:\Users\Petar\Desktop\Mozilla Firefox.lnk
[2012/07/03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 18:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/07/03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/29 11:11:22 | 000,001,001 | ---- | M] () -- C:\Users\Petar\Desktop\Dropbox.lnk
[2012/06/29 11:10:14 | 000,001,011 | ---- | M] () -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/29 09:18:15 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/29 09:06:55 | 000,001,411 | ---- | M] () -- C:\Users\Petar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/28 14:52:36 | 000,018,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/06/28 12:32:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/06/28 12:25:14 | 000,102,127 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/06/27 20:47:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/06/27 12:32:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf

========== Files Created - No Company Name ==========

[2012/07/23 09:53:16 | 000,767,136 | ---- | C] () -- C:\Users\Petar\Desktop\2wweew.png
[2012/07/20 14:59:13 | 000,001,188 | ---- | C] () -- C:\Windows\System32\ServiceConfig.xml
[2012/07/16 23:12:10 | 000,001,108 | ---- | C] () -- C:\Users\Petar\Application Data\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk
[2012/07/13 16:20:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/13 16:16:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/07/10 13:55:10 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/07/10 13:55:10 | 000,000,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012/07/10 13:28:33 | 000,000,636 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/07/05 10:46:52 | 000,002,363 | ---- | C] () -- C:\Users\Petar\Desktop\Google Chrome.lnk
[2012/07/05 10:32:49 | 000,001,104 | ---- | C] () -- C:\Users\Petar\Desktop\Mozilla Firefox.lnk
[2012/07/02 16:37:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/29 13:10:26 | 000,002,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2012/06/29 12:50:54 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485599355-1547862124-2018766494-1000UA.job
[2012/06/29 12:50:53 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485599355-1547862124-2018766494-1000Core.job
[2012/06/29 11:11:22 | 000,001,001 | ---- | C] () -- C:\Users\Petar\Desktop\Dropbox.lnk
[2012/06/29 11:10:14 | 000,001,011 | ---- | C] () -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/29 10:01:27 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/29 09:46:58 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 09:18:15 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/29 09:09:02 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/06/29 09:06:55 | 000,001,411 | ---- | C] () -- C:\Users\Petar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/28 12:32:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/06/28 12:27:36 | 000,001,417 | ---- | C] () -- C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/28 12:27:16 | 000,000,290 | ---- | C] () -- C:\Users\Petar\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/28 12:27:16 | 000,000,272 | ---- | C] () -- C:\Users\Petar\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/27 20:47:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/06/27 20:45:27 | 1400,524,800 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/27 13:11:35 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012/06/27 12:32:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/06/27 12:28:56 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2012/06/27 12:28:56 | 000,042,510 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2012/06/27 12:28:56 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2012/06/27 12:28:56 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012/06/27 12:28:56 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2012/06/27 12:28:56 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2012/06/27 12:28:56 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012/06/27 12:28:56 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012/06/27 12:28:56 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012/05/22 14:11:31 | 000,557,056 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2012/05/22 14:11:30 | 000,364,544 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

========== LOP Check ==========

[2012/07/17 00:18:55 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\BSplayer
[2012/07/16 23:12:00 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\BSplayer Pro
[2012/07/24 10:54:36 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\Dropbox
[2012/06/29 10:10:45 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\Foxit Software
[2012/06/29 09:09:03 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\Opera
[2012/07/24 10:50:36 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\SoftGrid Client
[2012/06/28 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\TP
[2012/07/17 09:08:00 | 000,012,666 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, Crazy North! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run, please try it several times; if it still does not run, rename it winlogon.com and try it several times.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

If it does not run rename it iexplore.exe and try it again.


Step 3.

Re-run OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 4.

Please post:

all RKreport.txt logs
aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.

#3
Crazy North

    Member

  • Topic Starter
  • Member
  • 78 posts
I'm sorry man, I'm going on a holiday tomorrow morning and I'm returning to work in 2 weeks... If it's possible, don't close the topic but just leave it as it is... I'll get back to this problem when I return from the seaside ;)

Thanks a lot

#4
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Enjoy! :thumbsup:

#5
Crazy North

    Member

  • Topic Starter
  • Member
  • 78 posts
Hi CompCav,

I recently returned from my holidays and am now back to work, so I took the time to do the scans today. I didn't experience many problems with my computer these days. Here are the logs you requested. Thanks.

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Petar [Admin rights]
Mode : Scan -- Date : 08/27/2012 10:09:48

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3259GSXP ATA Device +++++
--- User ---
[MBR] e0344acfe75e16cad7c315b3aec2951c
[BSP] 794756d66aeb1566760d17d9c2e94d1a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100144 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 205301760 | Size: 204999 Mo
User = LL1 ... OK!
User = LL2 ... OK!



RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Petar [Admin rights]
Mode : Remove -- Date : 08/27/2012 10:10:58

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3259GSXP ATA Device +++++
--- User ---
[MBR] e0344acfe75e16cad7c315b3aec2951c
[BSP] 794756d66aeb1566760d17d9c2e94d1a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100144 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 205301760 | Size: 204999 Mo
User = LL1 ... OK!
User = LL2 ... OK!



RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Petar [Admin rights]
Mode : HOSTSFix -- Date : 08/27/2012 10:11:08

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 10:12:18
-----------------------------
10:12:18.619 OS Version: Windows 6.1.7601 Service Pack 1
10:12:18.619 Number of processors: 2 586 0x2505
10:12:18.619 ComputerName: PETAR-PC UserName: Petar
10:12:19.309 Initialize success
10:12:19.569 AVAST engine defs: 12082601
10:12:29.011 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:12:29.021 Disk 0 Vendor: TOSHIBA_MK3259GSXP GN003J Size: 305245MB BusType: 11
10:12:29.106 Disk 0 MBR read successfully
10:12:29.106 Disk 0 MBR scan
10:12:29.122 Disk 0 Windows 7 default MBR code
10:12:29.137 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:12:29.153 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100144 MB offset 206848
10:12:29.169 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 204999 MB offset 205301760
10:12:29.262 Disk 0 scanning sectors +625139712
10:12:29.356 Disk 0 scanning C:\Windows\system32\drivers
10:12:35.052 Service scanning
10:12:55.609 Modules scanning
10:13:08.906 Disk 0 trace - called modules:
10:13:08.936 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:13:08.946 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858e45f8]
10:13:08.956 3 CLASSPNP.SYS[8927359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857c7030]
10:13:09.765 AVAST engine scan C:\Windows
10:13:11.117 AVAST engine scan C:\Windows\system32
10:14:29.101 AVAST engine scan C:\Windows\system32\drivers
10:14:37.017 AVAST engine scan C:\Users\Petar
10:15:18.927 Disk 0 MBR has been saved successfully to "C:\Users\Petar\Desktop\MBR.dat"
10:15:18.943 The log file has been saved successfully to "C:\Users\Petar\Desktop\aswMBR.txt"




OTL logfile created on: 8/27/2012 10:19:49 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Petar\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Serbia | Language: SRM | Date Format: d.M.yyyy

1.74 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 68.87% Memory free
3.48 Gb Paging File | 2.74 Gb Available in Paging File | 78.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.80 Gb Total Space | 78.10 Gb Free Space | 79.86% Space Free | Partition Type: NTFS
Drive D: | 200.19 Gb Total Space | 199.35 Gb Free Space | 99.58% Space Free | Partition Type: NTFS

Computer Name: PETAR-PC | User Name: Petar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/27 10:16:42 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Petar\Desktop\OTL.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2012/06/14 04:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Petar\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/16 18:13:16 | 002,538,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/09/16 18:13:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/07/14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll


========== Services (SafeList) ==========

SRV - [2012/08/15 12:29:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/19 09:15:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/09/16 18:13:16 | 002,538,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/09/16 18:13:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Petar\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 18:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/06/28 14:52:36 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/03/22 22:44:50 | 000,069,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2011/03/12 03:54:20 | 002,158,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/12/02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/12/02 22:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009/12/02 22:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/12/02 22:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009/12/02 22:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/09/17 20:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3485599355-1547862124-2018766494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3485599355-1547862124-2018766494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-Latn-RS
IE - HKU\S-1-5-21-3485599355-1547862124-2018766494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 76 D5 C6 C5 55 CD 01 [binary data]
IE - HKU\S-1-5-21-3485599355-1547862124-2018766494-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3485599355-1547862124-2018766494-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3485599355-1547862124-2018766494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3485599355-1547862124-2018766494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Petar\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Petar\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/05 11:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 09:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 10:14:08 | 000,000,000 | ---D | M]

[2012/06/29 10:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petar\AppData\Roaming\Mozilla\Extensions
[2012/07/26 09:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\1mskwki8.default\extensions
[2012/07/20 10:15:53 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Petar\AppData\Roaming\Mozilla\Firefox\Profiles\1mskwki8.default\extensions\[email protected]
[2012/06/29 10:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/26 09:17:55 | 000,276,167 | ---- | M] () (No name found) -- C:\USERS\PETAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1MSKWKI8.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012/07/19 09:15:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/06/15 00:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Petar\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Petar\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Petar\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Petar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Petar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google \u043F\u0440\u0435\u0442\u0440\u0430\u0433\u0430 = C:\Users\Petar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Petar\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Petar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/27 10:11:08 | 000,000,841 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3485599355-1547862124-2018766494-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Petar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Petar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.150.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{038BBB98-43F3-4A1E-8198-5AD8E39DC59E}: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D953264-64BE-4150-AA9E-6F9A801AC72E}: DhcpNameServer = 192.168.150.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/27 10:16:39 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Petar\Desktop\OTL.exe
[2012/08/27 10:11:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Petar\Desktop\aswMBR.exe
[2012/08/27 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\Petar\Desktop\RK_Quarantine
[2012/08/16 10:16:25 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/16 10:13:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/15 16:37:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/15 16:37:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/15 16:37:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/15 16:37:26 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/15 16:37:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/15 16:37:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/15 16:37:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/15 09:50:57 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/15 09:50:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/08/01 14:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/08/01 14:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/01 14:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/01 14:56:18 | 000,687,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/08/01 14:56:17 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/01 14:56:17 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/01 14:55:59 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/01 14:55:59 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/01 14:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2012/08/27 10:16:42 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Petar\Desktop\OTL.exe
[2012/08/27 10:15:18 | 000,000,512 | ---- | M] () -- C:\Users\Petar\Desktop\MBR.dat
[2012/08/27 10:12:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Petar\Desktop\aswMBR.exe
[2012/08/27 10:07:40 | 001,367,040 | ---- | M] () -- C:\Users\Petar\Desktop\RogueKiller.exe
[2012/08/27 10:00:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485599355-1547862124-2018766494-1000UA.job
[2012/08/27 10:00:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485599355-1547862124-2018766494-1000Core.job
[2012/08/27 09:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/27 09:21:43 | 000,017,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 09:21:43 | 000,017,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 09:14:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/27 09:13:56 | 1400,524,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/22 09:13:20 | 000,002,415 | ---- | M] () -- C:\Users\Petar\Desktop\Google Chrome.lnk
[2012/08/21 17:00:25 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2012/08/16 10:12:16 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/15 12:29:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 12:29:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/03 09:07:21 | 000,607,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/03 09:07:21 | 000,103,754 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/01 14:55:51 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/01 14:55:50 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/01 14:55:49 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

========== Files Created - No Company Name ==========

[2012/08/27 10:15:18 | 000,000,512 | ---- | C] () -- C:\Users\Petar\Desktop\MBR.dat
[2012/08/27 10:07:39 | 001,367,040 | ---- | C] () -- C:\Users\Petar\Desktop\RogueKiller.exe
[2012/08/21 17:00:25 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012/06/27 12:28:56 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2012/06/27 12:28:56 | 000,042,510 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2012/06/27 12:28:56 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2012/06/27 12:28:56 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012/06/27 12:28:56 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2012/06/27 12:28:56 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2012/06/27 12:28:56 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012/06/27 12:28:56 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012/06/27 12:28:56 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012/05/22 14:11:31 | 000,557,056 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2012/05/22 14:11:30 | 000,364,544 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

========== LOP Check ==========

[2012/07/17 00:18:55 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\BSplayer
[2012/07/16 23:12:00 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\BSplayer Pro
[2012/08/27 10:14:24 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\Dropbox
[2012/06/29 10:10:45 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\Foxit Software
[2012/06/29 09:09:03 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\Opera
[2012/08/24 17:07:57 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\SoftGrid Client
[2012/06/28 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Petar\AppData\Roaming\TP
[2012/08/27 09:14:33 | 000,019,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012/07/27 22:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 02:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2010/11/21 02:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 02:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2010/11/21 02:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2010/11/20 23:29:08 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{038BBB98-43F3-4A1E-8198-5AD8E39DC59E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{5D953264-64BE-4150-AA9E-6F9A801AC72E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7C6A309D-8FAA-43CE-B7A0-C6ACCF550687}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/14 01:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 04 01 00 01 09 01 06 01 01 01 08 01 05 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/14 03:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 09:15:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 09:15:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 09:15:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 09:15:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 09:15:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 09:15:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/28 12:32:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/28 12:32:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/28 12:32:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/06/29 09:09:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/06/29 09:09:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/06/29 09:09:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/06/29 09:09:02 | 000,874,384 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 09:15:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 09:15:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 09:15:03 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/19 09:15:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 09:15:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 09:15:04 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/06/28 12:32:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/06/28 12:32:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/06/28 12:32:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/06/29 09:09:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/06/29 09:09:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/06/29 09:09:02 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/06/29 09:09:02 | 000,874,384 | ---- | M] (Opera Software)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >




OTL Extras logfile created on: 8/27/2012 10:19:49 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Petar\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Serbia | Language: SRM | Date Format: d.M.yyyy

1.74 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 68.87% Memory free
3.48 Gb Paging File | 2.74 Gb Available in Paging File | 78.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.80 Gb Total Space | 78.10 Gb Free Space | 79.86% Space Free | Partition Type: NTFS
Drive D: | 200.19 Gb Total Space | 199.35 Gb Free Space | 99.58% Space Free | Partition Type: NTFS

Computer Name: PETAR-PC | User Name: Petar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3485599355-1547862124-2018766494-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04FC1C6D-47C7-48CB-9332-BE3C814C0B1F}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{0DD18EBA-83BD-48F3-A1F2-572E03DC2B42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F7E7F57-8135-4D75-B475-A0ED32F10B58}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4332C1BC-7AD7-4E19-B3AA-B34A721A140F}" = protocol=17 | dir=in | app=c:\users\petar\appdata\roaming\dropbox\bin\dropbox.exe |
"{497FFBB6-1FAA-4A39-B8E4-E75F561CE850}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{5EC04C68-21F3-4966-AB72-2C2CBA9C6574}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{85F0958E-FD4E-468C-966F-375E0DA5DB02}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{BBA75BC5-4A77-4C84-8C07-60D92E706C58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D438A9E3-BDCC-43C0-8B28-A903AD8554D7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC8E15BE-E333-4FCE-B230-4AECC85FE3B5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{FA7053D8-1163-4F4B-B351-601EB8E0BE7E}" = protocol=6 | dir=in | app=c:\users\petar\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C470AF22-9543-4CD5-9D0E-D49AC515A5E5}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{D8EABDEB-CEEA-4E32-BE21-A687E600AFCD}C:\users\petar\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\petar\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0F9D94D5-1D67-43FB-AF84-8FA0DE30CBF5}C:\users\petar\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\petar\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{73B5C8E6-93A2-48BD-93DB-3EB95CAB7760}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"GIMP-2_is1" = GIMP 2.8.0
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Opera 12.00.1467" = Opera 12.00
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3485599355-1547862124-2018766494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2012 3:40:28 AM | Computer Name = Petar-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/15/2012 3:47:11 AM | Computer Name = Petar-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/16/2012 4:13:43 AM | Computer Name = Petar-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/20/2012 3:16:36 AM | Computer Name = Petar-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_LanmanServer, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: SSCORE.DLL, version: 6.1.7601.17514,
time stamp: 0x4ce795a6 Exception code: 0xc0000005 Fault offset: 0x00001513 Faulting
process id: 0x408 Faulting application start time: 0x01cd7ea3aa07ff2f Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\SSCORE.DLL
Report
Id: f9f995de-ea96-11e1-b2ea-e0699565ade4

Error - 8/20/2012 3:17:52 AM | Computer Name = Petar-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/20/2012 3:22:31 AM | Computer Name = Petar-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/21/2012 2:58:39 AM | Computer Name = Petar-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/21/2012 11:00:24 AM | Computer Name = Petar-PC | Source = VSS | ID = 13
Description =

Error - 8/21/2012 11:00:24 AM | Computer Name = Petar-PC | Source = VSS | ID = 13
Description =

Error - 8/21/2012 11:00:24 AM | Computer Name = Petar-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 8/20/2012 3:16:40 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 8/20/2012 3:16:40 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 8/20/2012 3:16:40 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 8/20/2012 3:16:40 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 8/20/2012 3:16:40 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 8/20/2012 3:17:40 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 8/20/2012 3:17:40 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Shell Hardware Detection service,
but this action failed with the following error: %%1056

Error - 8/20/2012 3:18:40 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 8/20/2012 3:21:00 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 8/21/2012 2:57:10 AM | Computer Name = Petar-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE


< End of report >
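Added example, not part of the thread and not OTL's own code: a small Python check over the `< MD5 for: ... >` custom-scan section of the log above, comparing each live file's MD5 with the WinSxS copies listed in the same group. The EXPLORER.EXE and SERVICES.CFG lines are copied from the log; the live USERINIT.EXE line with an all-zero hash is constructed to show a mismatch, and the function names are this example's own.

```python
import re
from collections import defaultdict

# EXPLORER.EXE and SERVICES.CFG entries are copied from the log above.
# The first USERINIT.EXE entry (all-zero MD5, empty company) is CONSTRUCTED
# for this example; it does not appear in the original log.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES.CFG >
[2012/07/27 22:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: USERINIT.EXE >
[2012/08/20 03:16:00 | 000,026,624 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
[2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< End of report >
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_scan(text):
    """Return {FILE NAME: [entry, ...]} for every '< MD5 for: ... >' group."""
    groups = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            groups[current].append({
                "mtime": entry.group("mtime"),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
        elif line.startswith("<"):
            current = None  # some other custom-scan section starts here
    return dict(groups)


def is_store_copy(path):
    """True for copies kept in the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def audit(text):
    """Map each live (non-WinSxS) path to 'match', 'mismatch' or 'unverified'."""
    results = {}
    for entries in parse_md5_scan(text).values():
        store_hashes = {e["md5"] for e in entries if is_store_copy(e["path"])}
        for e in entries:
            if is_store_copy(e["path"]):
                continue
            if not store_hashes:
                status = "unverified"   # no store copy listed to compare against
            elif e["md5"] in store_hashes:
                status = "match"
            else:
                status = "mismatch"     # live file differs from every store copy
            results[e["path"]] = status
    return results


if __name__ == "__main__":
    for path, status in sorted(audit(SAMPLE_LOG).items()):
        print(f"{status:10} {path}")
```

A `match` only means the live file equals a copy in the component store and says nothing about whether the store itself is intact, so `mismatch` and `unverified` results are prompts for a closer look (for example with `sfc /scannow`), not verdicts.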

#6
CompCav
Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!

#7
Crazy North
Here are the requested logs. Not experiencing any problems at the moment.



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Petar :: PETAR-PC [administrator]

28.8.2012 10:00:04
mbam-log-2012-08-28 (10-00-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183936
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=99f474116ba46143beec189b7002fd51
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-28 08:50:31
# local_time=2012-08-28 10:50:31 (+0100, Central Europe Daylight Time)
# country="Serbia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 699 97772581 0 0
# compatibility_mode=8192 67108863 100 0 142 142 0 0
# scanned=87819
# found=0
# cleaned=0
# scan_time=2461




Results of screen317's Security Check version 0.99.48
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Your Java is out of date.

Step 1.

Clear the Java Cache by following the instructions here


Step 2.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Step 3.
You have two anti-spyware products installed, MalwareBytes' and Ad-Aware. I recommend you only keep one resident, so please uninstall Ad-Aware.


Step 4.

Please let me know once you have completed these steps how your computer is performing.
  • 0
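The reading of the Security Check log made in the reply above (out-of-date Java, two anti-spyware products installed) can be reproduced mechanically. This is an added example, not part of the original thread and not code from Security Check; the `ANTI_SPYWARE` name list and the finding labels are assumptions, and the sample lines are excerpted from the log posted in #7.

```python
import re

TICK = chr(96)  # backtick; written this way so the listing holds no literal backticks
SAMPLE_LOG = "\n".join([  # lines excerpted from the Security Check log in post #7
    f"{TICK * 14}Antivirus/Firewall Check:{TICK * 14}",
    "Antivirus up to date!",
    f"{TICK * 9}Anti-malware/Other Utilities Check:{TICK * 9}",
    "Ad-Aware",
    "Malwarebytes Anti-Malware version 1.62.0.1300",
    "Java version out of Date!",
    "Google Chrome 21.0.1180.79",
    "Google Chrome 21.0.1180.83",
    f"{TICK * 8}Process Check: objlist.exe by Laurent{TICK * 8}",
    "Ad-Aware AAWService.exe is disabled!",
])

ANTI_SPYWARE = ("Ad-Aware", "Malwarebytes")  # assumption: names counted as anti-spyware

def parse_sections(log):
    """Map each backtick-framed section title to its non-empty lines."""
    sections, current = {}, None
    for line in map(str.strip, log.splitlines()):
        header = re.fullmatch(rf"{TICK}+([^{TICK}]+?):?{TICK}+", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def triage(log):
    """Return (kind, detail) findings worth a helper's attention."""
    sections = parse_sections(log)
    findings, versions = [], {}
    for line in (l for lines in sections.values() for l in lines):
        if "out of date" in line.lower():
            findings.append(("outdated", line))
        elif line.endswith("is disabled!"):
            findings.append(("disabled", line))
        m = re.fullmatch(r"(.+?)\s+(\d+(?:\.\d+)+)", line)
        if m:  # "<product> <dotted version>" entry
            versions.setdefault(m.group(1), []).append(m.group(2))
    utilities = sections.get("Anti-malware/Other Utilities Check", [])
    present = [p for p in ANTI_SPYWARE if any(u.startswith(p) for u in utilities)]
    if len(present) > 1:
        findings.append(("overlap", ", ".join(present)))
    findings += [("multiple versions", f"{name}: {', '.join(v)}")
                 for name, v in versions.items() if len(v) > 1]
    return findings

print(*triage(SAMPLE_LOG), sep="\n")
```

The "multiple versions" finding goes beyond what the reply acts on: it flags a product listed twice with different version numbers, as Google Chrome is in this log.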

#9
Crazy North

Crazy North

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Did everything. My computer at work seems to be working fine these days and I haven't had any obvious or visible problems. I guess this is it?

Thanks a lot for your help. Since I want to clean up my home computer as well (the one that got infected first), I wanted to ask you: is there any standard, pre-defined procedure for malware cleaning that I could use before I post a help topic here? If you could write a few basic steps that I could do myself before asking you busy people, that would be nice :) Usually I would just scan my computer with Avast antivirus and a malware cleaning program, and if that didn't help I wouldn't know what to do next except post here. Thankfully, I haven't had many problems with malware in the last few years, so I didn't bother anyone here :)
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
:thumbsup: I guess this is it?
Yes!!

Since I want to clean up my home computer as well (one that got infected first) I wanted to ask you is there any standard, pre-defined procedure for malware cleaning that I could use before I post a help topic here?

The procedure depends on the issue. Here are tutorials on a variety of symptoms and here is the prep for entering a topic here on our site.


Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Your log now appears clean :thumbsup:

The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the Cleanup button. It will remove all the programs we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#11
Crazy North

Crazy North

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Thanks a lot for your help CompCav. As always GeeksToGo proves to be very reliable and helpful :)

All the best
  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
:thumbsup:
  • 0

#13
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





