Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

migo

Post by dugiotok » October 29th, 2012, 7:44 am

ComboFix 12-10-26.05 - Tata 27.10.2012 13:59:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.617 [GMT 2:00]
Running from: g:\firefox downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Bcool
c:\documents and settings\All Users\Application Data\Bcool\background.html
c:\documents and settings\All Users\Application Data\Bcool\bbgfaefccdalpfjkbahchnddjkjlljmi.crx
c:\documents and settings\All Users\Application Data\Bcool\content.js
c:\documents and settings\All Users\Application Data\Bcool\data\content.js
c:\documents and settings\All Users\Application Data\Bcool\data\jsondb.js
c:\documents and settings\All Users\Application Data\Bcool\settings.ini
c:\documents and settings\All Users\Application Data\Bcool\uninstall.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TheBflix
c:\documents and settings\All Users\Application Data\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx
c:\documents and settings\All Users\Application Data\TheBflix\background.html
c:\documents and settings\All Users\Application Data\TheBflix\bhoclass.dll
c:\documents and settings\All Users\Application Data\TheBflix\content.js
c:\documents and settings\All Users\Application Data\TheBflix\data\content.js
c:\documents and settings\All Users\Application Data\TheBflix\data\jsondb.js
c:\documents and settings\All Users\Application Data\TheBflix\settings.ini
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\content\uninsthk.js
c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\documents and settings\Tata\Application Data\PriceGong
c:\documents and settings\Tata\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Tata\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Tata\System
c:\documents and settings\Tata\System\win_qs7.jqx
c:\documents and settings\Tata\System\win_qs8.jqx
c:\documents and settings\Tata\WINDOWS
c:\program files\Funmoods\funmoods\1.5.11.16\bh\fuNMoods.dll
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-27 to 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-24 11:30 . 2012-10-24 11:30 -------- d-----w- c:\program files\Ask.com
2012-10-24 11:29 . 2012-10-24 11:46 -------- d-----w- c:\documents and settings\Tata\Local Settings\Application Data\AskToolbar
2012-10-23 18:45 . 2012-10-24 11:45 -------- d-----w- c:\documents and settings\Tata\Application Data\PerformerSoft
2012-10-23 18:42 . 2012-03-14 13:47 17464 ----a-w- c:\windows\system32\roboot.exe
2012-10-23 18:41 . 2012-10-23 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2012-10-21 11:09 . 2012-10-21 11:09 -------- d-----w- c:\program files\Common Files\Java
2012-10-21 11:08 . 2012-10-21 11:08 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-21 11:08 . 2012-10-21 11:08 -------- d-----w- c:\program files\Java
2012-10-19 07:51 . 2012-10-19 07:51 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-19 07:51 . 2012-10-19 07:51 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-10-19 07:51 . 2012-10-19 07:51 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-10-19 07:51 . 2012-10-19 07:51 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-19 07:51 . 2012-10-19 07:51 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 11:08 . 2012-06-11 10:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-21 11:08 . 2011-06-06 13:13 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-21 11:08 . 2010-06-04 16:26 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-10-19 08:22 . 2012-06-11 10:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-19 08:22 . 2012-06-11 10:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-19 07:51 . 2011-11-16 15:35 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-08-08 1527496]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-08-08 16:15 1527496 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-08-08 1527496]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-08-08 1527496]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-26 39408]
"ePix Wallpaper"="d:\aplikacije\ePix\epix.exe" [2009-09-17 3476752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="d:\aplikacije\video playeri\real player\update\realsched.exe" [2012-05-26 296056]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-08-08 1644744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *????????? ????????
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-05-16 13:44 1084840 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-05-26 11:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-26 11:36 296056 ----a-w- d:\aplikacije\Video Playeri\Real Player\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="f:\my documents\Downloads\Reader\Reader_sl.exe"
"TkBellExe"="d:\aplikacije\video playeri\real player\update\realsched.exe" -osboot
"hpqSRMon"=f:\aplikacije\HP\Digital Imaging\bin\hpqSRMon.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Aplikacije\\Utorrent\\utorrent.exe"=
"d:\\Aplikacije\\TV na PC\\SopCast\\adv\\SopAdver.exe"=
"g:\\Firefox Downloads\\Skip_James_Studio_Sessions_Rare_and_Unreleased_2003_downloader_2171.exe"=
"c:\\Program Files\\ExpressFiles\\ExpressFiles.exe"=
"c:\\Program Files\\ExpressFiles\\ExpressDL.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Aplikacije\\TV na PC\\SopCast\\SopCast.exe"=
.
R2 IBUpdaterService;Updater Service;c:\documents and settings\All Users\Application Data\IBUpdaterService\ibsvc.exe [23.10.2012 20:41 620288]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18.5.2012 11:49 27632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.11.2007 21:01 685816]
S2 713xTVCard;SAA7131 TV Card;c:\windows\system32\drivers\SAA713x.sys [15.3.2005 13:00 277504]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [8.11.2007 22:09 674048]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11.6.2012 12:30 250808]
S3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [20.3.2011 15:12 271104]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [7.12.2009 15:46 122504]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [24.11.2009 18:05 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [24.11.2009 18:05 11088]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 08:22]
.
2012-03-16 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21321289407.job
- d:\aplikacije\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 19:38]
.
2012-10-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-854245398-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-10-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-854245398-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.babylon.com/?babsrc=HP_s ... 304f691181
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 83.139.104.2 83.139.105.2
FF - ProfilePath - c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/en/hr/zagreb ... .index.hr/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - ExtSQL: 2012-10-24 13:30; toolbar@ask.com; c:\documents and settings\Tata\Application Data\Mozilla\Firefox\Profiles\bzwul8li.default\extensions\toolbar@ask.com
FF - ExtSQL: !HIDDEN! 2009-10-30 16:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109982
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - 92b68bb000000000000000304f691181
FF - user.js: extensions.BabylonToolbar_i.hardId - 92b68bb000000000000000304f691181
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15433
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8rGq ... 26&search=
FF - user.js: extensions.incredibar_i.id - 92b68bb000000000000000304f691181
FF - user.js: extensions.incredibar_i.instlDay - 15462
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:46
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8rGq2s4b
FF - user.js: extensions.incredibar_i.upn2n - 92824290259139459
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 21%5F4
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=nv1&q=
FF - user.js: extensions.funmoods_i.id - 92b68bb000000000000000304f691181
FF - user.js: extensions.funmoods_i.instlDay - 15495
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:10
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MON00005/tb_ ... rce=13&cc=
FF - user.js: extensions.Softonic.hpOld - hxxp://www.index.hr/
FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00005/tb_ ... rce=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/MON00005/tb_ ... e=2&cc=&q=
FF - user.js: extensions.Softonic.dspOld - Search
FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic)
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00005/tb_ ... rce=15&cc=
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_ ... e=1&cc=&q=
FF - user.js: extensions.Softonic.id - 92b68bb000000000000000304f691181
FF - user.js: extensions.Softonic.instlDay - 15499
FF - user.js: extensions.Softonic.vrsn - 1.5.24.3
FF - user.js: extensions.Softonic.vrsni - 1.5.24.3
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.24.315:22
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - orgnl
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00001
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-DW7 - c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
SafeBoot-aawservice
AddRemove-HijackThis - E:\HijackThis.exe
AddRemove-HP Photosmart Essential - f:\aplikacije\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\documents and settings\All Users\Application Data\Bcool\uninstall.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-27 14:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-854245398-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\.qtl\Shell]
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\Applications\nero.exe\shell]
@Class="REG_SZ"
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\IMxVCDDVD\DefaultIcon]
@DACL=(02 0000)
@="d:\\Programi\\IMxVCDDVD.exe,1"
.
[HKEY_LOCAL_MACHINE\software\Classes\IMxVCDDVD\shell]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\KLCP ASF File\Shell]
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\KLCP AVI File\Shell]
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\KLCP FLV File\Shell]
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\KLCP MP4 File\Shell]
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\KLCP MPEG File\Shell]
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\KLCP WMV File\Shell]
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\QTA QuickTime File\Shell]
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Classes\QuickTime.QuickTime.5\CLSID]
@DACL=(02 0000)
@="{4063BE15-3B08-470D-A0D5-B37161CFFD69}"
.
[HKEY_LOCAL_MACHINE\software\Classes\QuickTime.QuickTime.5\NotInsertable]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\RA RealMedia File\Shell]
@DACL=(02 0000)
@="open"
.
[HKEY_LOCAL_MACHINE\software\Honestech\TV Plus\PCIE]
@DACL=(02 0000)
"PIPSwitch"=dword:00000000
"SoundSwitch"=dword:00000000
"AnalogSwitch"=dword:00000000
"DigitalSwitch"=dword:00000000
"SatelliteSwitch"=dword:00000000
"Language"=dword:ffffffff
"Color"="0"
.
[HKEY_LOCAL_MACHINE\software\Honestech\TV Plus\TV Plus]
@DACL=(02 0000)
"SortFR"=dword:0000802b
"SortID"=dword:00008003
.
[HKEY_LOCAL_MACHINE\software\KLCodecPack\Components]
@DACL=(02 0000)
"mpc"=dword:00000001
"ffdshow"=dword:00000001
"ffdshow_vfw"=dword:00000001
"ffdshow_plugins"=dword:00000001
"divx"=dword:00000001
"vp6"=dword:00000001
"vp7"=dword:00000001
"mpeg_video_cyberlink"=dword:00000001
"xvid_vfw"=dword:00000001
"divx_vfw"=dword:00000001
"wmv9vcm"=dword:00000001
"yv12"=dword:00000001
"qtalt"=dword:00000001
"qtalt_browser"=dword:00000001
"qtalt_directshow_parser"=dword:00000001
"qtalt_directshow_decoder"=dword:00000001
"realalt"=dword:00000001
"realalt_browser"=dword:00000001
"realalt_ds"=dword:00000001
"ds_mp3_fhg"=dword:00000001
"ac3filter"=dword:00000001
"vorbis"=dword:00000001
"musepack"=dword:00000001
"wavpack"=dword:00000001
"ape"=dword:00000001
"flac"=dword:00000001
"ac3acm"=dword:00000001
"haali_mp4"=dword:00000001
"haali_ogg"=dword:00000001
"haali_matroska"=dword:00000001
"flv"=dword:00000001
"ms_avi"=dword:00000001
"shoutcast"=dword:00000001
"orban"=dword:00000001
"vsfilter"=dword:00000001
"lamedropxpd"=dword:00000001
"oggdropxpd"=dword:00000001
"gspot"=dword:00000001
"vobsubstrip"=dword:00000001
"graphedit"=dword:00000001
"mmcompview"=dword:00000001
"detectbrokencodecs"=dword:00000001
"detectbrokenfilters"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\KLCodecPack\Tasks]
@DACL=(02 0000)
"mpc_renderer_overlay"=dword:00000001
"boostac3volume"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE UserData NT\RegBackup]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
@DACL=(02 0000)
"ieuser.exe"=dword:00000001
"iexplore.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001
"PresentationHost.exe"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
"cs.exe"=dword:00000001
"waol.exe"=dword:00000001
"wm.exe"=dword:00000001
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
@DACL=(02 0000)
"msimn.exe"=dword:00000001
"winmail.exe"=dword:00000001
"WMPlayer.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
@DACL=(02 0000)
"WMPlayer.exe"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\11.0]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\MLS]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Extensions\Types\Descriptions]
@DACL=(02 0000)
"50"="Matroska Media Files (*.mkv;*.mka;*.mks)"
"51"="MPEG-4 Media Files (*.mp4;*.m4a;*.m4b;*.m4v;*.mp4v;*.3gp;*.3g2)"
"52"="Ogg Media Files (*.ogm;*.ogg)"
"54"="Flash Video Files (*.flv)"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Extensions\Types\MUIDescriptions]
@DACL=(02 0000)
"50"="Matroska Media Files"
"51"="MPEG-4 Media Files"
"52"="Ogg Media Files"
"54"="Flash Video Files"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Services]
@DACL=(02 0000)
"NoServices"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Microsoft Windows Script 5.7\SP0\Windows Script\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\MSXML 2\SP6\KB887606_26\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Step By Step Interactive Training\SP2\KB923723\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows\SP1\IDNMitigationAPIs\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows\SP1\NLSDownlevelMapping\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows Media Format 11 runtime\SP0\WMFDist11\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows Media Player\SP0\KB911564\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows Media Player 11\SP0\wmp11\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows Media Player 6.4\SP0\KB925398_WMP64\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP-1\KB909520\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP0\KB923689\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP0\KB938127-IE7\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP0\KB939653-IE7\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP10\MSCompPackV1\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP2\Wudf01000\Filelist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Mass Storage]
@DACL=(02 0000)
"DeviceInterface"="{53F5630D-B6BF-11D0-94F2-00A0C91EFB8B}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Portable Audio Players]
@DACL=(02 0000)
"DeviceInterface"="{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}"
"FilterParameter"="UseExtendedWmdm"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE]
@DACL=(02 0000)
"DeviceInterface"="{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses\Windows CE RNDIS]
@DACL=(02 0000)
"DeviceInterface"="{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
"ProgID"="MsScp.SCPTRANS.1"
.
[HKEY_LOCAL_MACHINE\software\On2 Technologies\VFW Encoder/Decoder Settings]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited\SpybotSnD]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3524)
c:\windows\system32\nview.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
d:\aplikacije\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\aplikacije\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\aplikacije\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
d:\aplikacije\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
.
**************************************************************************
.
Completion time: 2012-10-27 14:31:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-27 12:31
.
Pre-Run: 16 804 855 808 bytes free
Post-Run: 16 779 780 096 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AE481E59D3BE08D7CC01BB5A43B6854A
dugiotok
Active Member
 
Posts: 1
Joined: October 28th, 2012, 8:42 am

Re: migo

Unread postby Cypher » October 29th, 2012, 7:51 am

ComboFix Log posted - no other log.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own, especially without the Recovery Console installed for XP or access to the Recovery Environment for Vista or Windows 7, is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

The instructions for running DDS found HERE, state how we need you to post the logs, so we can help you.
Please follow the instructions, start a new topic and post your logs, include your ComboFix log in the same post.


This topic is now closed
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns