
Malwarebytes

208.73.210.29 blocked by M.Anti-Malware, cannot open some sites in any browser


79 replies to this topic

#61
DejanS

    Regular Member

  • Honorary Members
  • 54 posts
I uninstalled the old Java and installed the new one.
I didn't get those warnings about malicious IP yet.
Everything else is the same.
I checked out port 25 by using the telnet command.
It is blocked.
PC couldn't connect through that port.
I wonder what is blocking those ports...
I cannot send anything, I cannot get to some sites...

#62
Maniac

    Forum Deity

  • Experts
  • 17,078 posts
  • Gender:Male
  • Location:Bulgaria, EU
We have some progress.

Please post a new fresh OTL log file.

#63
DejanS

    Regular Member

  • Honorary Members
  • 54 posts
OTL logfile created on: 27.4.2012 10:52:58 - Run 2
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C1A | Country: Serbia and Montenegro | Language: SRB | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,16% Memory free
4,78 Gb Paging File | 4,15 Gb Available in Paging File | 86,77% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 1,96 Gb Free Space | 4,02% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 5,25 Gb Free Space | 2,85% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 6,45 Gb Free Space | 3,30% Space Free | Partition Type: NTFS
Drive G: | 75,13 Gb Total Space | 7,22 Gb Free Space | 9,60% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 11,27 Gb Free Space | 5,77% Space Free | Partition Type: NTFS

Computer Name: MOBILE | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.26 01:44:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.03.22 00:27:28 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.01 13:05:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe
PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.31 19:23:34 | 000,661,776 | -H-- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.09.10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Modules (No Company Name) ==========

MOD - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe
MOD - [2010.10.22 17:29:54 | 000,133,120 | ---- | M] () -- C:\Program Files\Free Desktop Clock\Clock.dll
MOD - [2010.06.01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2007.06.07 21:11:12 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2006.10.22 13:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
MOD - [2005.10.07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2004.08.04 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.24 20:21:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.15 09:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\IGRICE\UltraStar Deluxe\zlportio.sys -- (zlportio)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vsc.sys -- (vsc32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\User\LOCALS~1\Temp\pwtdypog.sys -- (pwtdypog)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1151.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\YFH31BF.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdTools.sys -- (amdtools)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.02.18 16:12:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.05.26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009.09.09 14:18:57 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.07.17 02:46:46 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009.06.22 19:38:18 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.04.05 02:33:14 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.05.28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.30 23:41:08 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.01.30 23:41:08 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.01.30 23:26:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.10.07 05:23:47 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nxsIO32.sys -- (nxsIO32)
DRV - [2007.10.04 05:24:42 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007.07.24 09:45:20 | 000,328,824 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.07.11 10:20:26 | 000,201,848 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007.05.14 23:40:16 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2007.05.14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.10 12:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006.08.14 22:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.06.19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.03.24 18:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.12.22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.12.22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.12.22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005.12.21 11:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005.02.11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.10.26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004.08.11 06:42:28 | 000,454,815 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)
DRV - [2004.08.04 07:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002.09.09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001.08.17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.co...rket={Language}
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rm=1&toolbar=BT
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.01 13:06:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 20:21:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.08.21 07:32:52 | 000,000,000 | ---D | M]

[2011.01.20 15:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions
[2011.03.23 15:24:57 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
[2012.03.19 22:18:59 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.07.31 00:02:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}(2)
[2009.03.12 01:48:11 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
[2012.03.30 05:35:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.14 18:24:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2011.11.13 00:21:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3)
[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Curacao) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}(2)
[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.02 02:51:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.03.12 01:48:11 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\nasanightlaunch@example(2).com
[2009.05.15 09:09:38 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\facebook.xml
[2010.09.04 17:08:21 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\google.xml
[2012.04.17 06:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DM5592B1.DEFAULT\EXTENSIONS\BYM@SAVETHEWORLD.ORG.XPI
[2012.04.24 20:21:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Cortona VRML Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012.04.22 16:14:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe ()
O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog....b?1315113466093 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} http://pcpitstop.com...irus/PitPav.cab (AV Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.117.194.2 82.117.194.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A}: DhcpNameServer = 82.117.194.2 82.117.194.3
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.04 05:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.04.27 03:45:06 | 000,000,000 | ---D | C] -- C:\gmer
[2012.04.27 00:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2012.04.27 00:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.04.27 00:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Oracle
[2012.04.27 00:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012.04.27 00:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.27 00:40:42 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.04.27 00:40:42 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.04.27 00:40:42 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.04.27 00:40:42 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.04.27 00:40:32 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.04.27 00:40:32 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.04.27 00:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\jdk1.7.0_04_combo
[2012.04.26 04:23:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.04.25 21:53:47 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012.04.25 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan
[2012.04.25 06:53:24 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2012.04.25 04:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\OxyCube
[2012.04.25 04:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oxygen Software
[2012.04.25 04:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oxygen Software
[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.04.22 21:43:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.04.22 21:43:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.04.22 21:43:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.04.22 21:43:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.04.22 21:42:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.21 07:36:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012.04.17 08:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2012.04.17 08:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\abelhadigital.com
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
[2012.04.17 06:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.04.16 21:10:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.04.16 20:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.04.15 18:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller
[2012.04.15 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012.04.14 18:35:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.04.06 16:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-_files
[2012.04.05 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Freemake
[2012.04.05 22:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
[2012.04.05 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012.03.30 16:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rovio
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.27 10:33:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job
[2012.04.27 10:32:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.27 03:59:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2012.04.27 03:46:46 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job
[2012.04.27 03:46:46 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job
[2012.04.27 02:36:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.04.27 00:54:30 | 000,596,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.27 00:54:30 | 000,125,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.27 00:48:55 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.04.27 00:48:48 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.27 00:48:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.27 00:48:13 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.27 00:48:09 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.27 00:47:05 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini
[2012.04.27 00:40:20 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012.04.27 00:40:20 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012.04.26 22:33:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job
[2012.04.26 04:33:30 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk
[2012.04.26 04:19:46 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012.04.26 01:32:14 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk
[2012.04.25 22:56:07 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012.04.25 22:51:42 | 000,367,166 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2012.04.25 22:51:25 | 000,399,428 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2012.04.25 21:43:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2012.04.25 20:21:08 | 000,112,143 | ---- | M] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf
[2012.04.25 20:20:24 | 000,251,333 | ---- | M] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf
[2012.04.25 20:01:54 | 002,796,446 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG
[2012.04.25 19:26:53 | 000,080,458 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG
[2012.04.25 19:23:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012.04.25 06:56:23 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2012.04.25 04:47:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk
[2012.04.25 03:56:29 | 000,000,332 | ---- | M] () -- C:\WINDOWS\desctemp.dat
[2012.04.25 00:36:08 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012.04.24 08:39:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.24 08:36:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\My Documents\MBR.dat
[2012.04.23 14:05:31 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
[2012.04.22 16:14:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.04.21 05:18:50 | 000,165,100 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar
[2012.04.19 03:57:21 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.17 23:43:06 | 000,133,224 | ---- | M] () -- C:\Documents and Settings\User\My Documents\krompir.pdf
[2012.04.17 18:38:49 | 000,337,325 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FSS.exe
[2012.04.17 17:43:34 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe
[2012.04.17 08:08:42 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2012.04.17 06:32:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.04.17 06:32:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.04.17 06:28:20 | 000,213,572 | ---- | M] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json
[2012.04.16 21:26:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy of hosts
[2012.04.15 18:31:24 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2012.04.15 18:30:41 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012.04.15 18:30:26 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk
[2012.04.15 12:48:44 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe
[2012.04.13 20:43:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.04.13 20:43:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.04.12 19:30:41 | 001,850,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar
[2012.04.12 17:51:11 | 008,876,969 | ---- | M] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip
[2012.04.11 02:40:04 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Readon TV Movie Radio Player.lnk
[2012.04.08 05:53:24 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP-LINK.url
[2012.04.07 22:52:48 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk
[2012.04.07 00:28:56 | 000,042,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg
[2012.04.06 20:38:31 | 000,617,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf
[2012.04.06 17:03:18 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url
[2012.04.06 16:38:11 | 000,139,610 | ---- | M] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm
[2012.04.05 22:39:23 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2012.04.05 22:00:19 | 000,911,499 | ---- | M] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf
[2012.04.05 21:12:30 | 000,058,021 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg
[2012.04.04 18:47:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012.04.04 18:47:24 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012.04.04 18:47:08 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.04.04 18:47:02 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.03.31 23:20:45 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\User\Application Data\room_v3.dat
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.27 03:44:07 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.exe
[2012.04.27 00:58:33 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2012.04.26 04:33:30 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk
[2012.04.25 22:55:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012.04.25 22:51:42 | 000,367,166 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2012.04.25 22:51:25 | 000,399,428 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2012.04.25 21:43:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2012.04.25 20:22:25 | 000,251,333 | ---- | C] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf
[2012.04.25 20:22:25 | 000,112,143 | ---- | C] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf
[2012.04.25 19:26:53 | 000,080,458 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG
[2012.04.25 19:25:59 | 002,796,446 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG
[2012.04.25 04:47:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk
[2012.04.25 03:41:27 | 000,000,332 | ---- | C] () -- C:\WINDOWS\desctemp.dat
[2012.04.25 00:36:08 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012.04.25 00:36:08 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012.04.24 08:36:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\My Documents\MBR.dat
[2012.04.22 21:43:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.04.22 21:43:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.04.22 21:43:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.04.22 21:43:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.04.22 21:43:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.04.21 05:18:50 | 000,165,100 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar
[2012.04.17 23:43:16 | 000,133,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\krompir.pdf
[2012.04.17 18:39:21 | 000,337,325 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FSS.exe
[2012.04.17 17:44:08 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe
[2012.04.17 08:08:42 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2012.04.17 06:32:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.04.17 06:32:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.17 06:32:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.04.17 06:28:20 | 000,213,572 | ---- | C] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json
[2012.04.16 21:10:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012.04.16 21:10:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.04.15 18:31:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2012.04.15 18:30:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012.04.15 18:30:26 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk
[2012.04.15 12:48:44 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe
[2012.04.12 19:30:40 | 001,850,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar
[2012.04.12 17:50:45 | 008,876,969 | ---- | C] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip
[2012.04.12 14:44:37 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job
[2012.04.07 22:52:48 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk
[2012.04.07 00:28:55 | 000,042,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg
[2012.04.06 20:38:30 | 000,617,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf
[2012.04.06 16:38:10 | 000,139,610 | ---- | C] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm
[2012.04.06 16:08:18 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url
[2012.04.06 12:22:26 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-527237240-725345543-1003-0.dat
[2012.04.06 05:02:56 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012.04.05 22:39:23 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2012.04.05 22:00:19 | 000,911,499 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf
[2012.04.05 20:09:00 | 000,058,021 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg
[2012.01.24 15:37:35 | 000,014,368 | ---- | C] () -- C:\WINDOWS\skype.dat
[2012.01.24 15:37:05 | 000,032,854 | ---- | C] () -- C:\WINDOWS\iniLS.dat
[2012.01.04 20:30:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\nwsrmodn.dll
[2011.12.18 06:53:44 | 000,718,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011.09.05 01:11:49 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini
[2011.08.31 15:38:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2011.08.31 15:19:01 | 000,000,370 | ---- | C] () -- C:\WINDOWS\dorp.dat
[2011.08.08 15:14:26 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.08.08 15:08:40 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011.07.28 16:08:22 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2011.07.18 19:33:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.07.04 20:35:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.07.04 20:35:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.07.03 07:12:59 | 000,000,219 | ---- | C] () -- C:\WINDOWS\tropical_beaches1.ini
[2011.07.03 07:12:38 | 000,002,149 | ---- | C] () -- C:\WINDOWS\unins002.dat
[2011.07.03 07:11:01 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\bvcsky.dll
[2011.06.15 05:42:10 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2011.06.15 05:42:10 | 000,004,189 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f
[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f
[2011.06.08 21:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.06.05 23:59:21 | 000,037,556 | ---- | C] () -- C:\WINDOWS\System32\Sylvunins.exe
[2011.06.05 20:40:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\UnInstall Tweety Time V4.exe
[2011.05.28 02:23:58 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat
[2011.05.08 02:09:39 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin
[2011.04.23 18:08:16 | 000,000,212 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2011.04.14 02:09:53 | 000,000,108 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011.03.23 10:26:01 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room.dat
[2011.03.03 12:01:37 | 000,000,652 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011.01.15 12:41:36 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini
[2011.01.09 06:57:58 | 002,538,595 | ---- | C] () -- C:\Program Files\Audacity.rar
[2010.10.23 21:44:54 | 000,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI
[2010.10.19 05:48:04 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2010.09.29 19:35:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI
[2010.09.14 12:07:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SW_Win2000X9.DLL
[2010.09.14 12:05:54 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL
[2010.09.14 12:05:33 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\beconvlib.dll
[2010.09.14 12:05:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\bprgcomm.dll
[2010.09.14 12:05:33 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2010.09.14 12:05:33 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx151ic.ini
[2010.09.14 12:05:32 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SII_PDF.dll
[2010.09.14 12:05:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2010.09.14 12:05:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2010.09.14 12:05:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe

< End of report >

#64
DejanS

I scanned PC with GMER for rootkits. I don't see it find anything. If you want I can post log here.
Thanks for your help, again.
I hope we will find alien :)

#65
Maniac

Temporarily disable your ESET Firewall and check the situation again:
http://kb.eset.com/e...ent&id=SOLN2853

#66
DejanS

I followed instructions and disabled Eset. No changes in behaviour. I still cannot send emails (I can receive those).
Upload speed is still zero.
I still cannot get to facebook, gmail, isohunt...
When I connect to yahoo messenger it always disconnects me in a minute or so, then it reconnects me and then it works ok (though I cannot send anything there, it seems like I am connected just for chat, nothing else...).
I suppose I should activate Eset again.
Thanks again for help.

#67
DejanS

I forgot to say - last anti-malware warning about malicious IP appeared yesterday at noon. I hope that it is a sign we at least succeeded in getting rid of that one...

#68
DejanS

Any ideas?

#69
Maniac

There is a new version of OTL. Please manually delete your copy, download a new fresh one and generate a new log file.

#70
DejanS

OTL logfile created on: 30.4.2012 3:12:42 - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C1A | Country: Serbia and Montenegro | Language: SRB | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,36% Memory free
4,78 Gb Paging File | 4,17 Gb Available in Paging File | 87,24% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 1,52 Gb Free Space | 3,11% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 5,25 Gb Free Space | 2,85% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 6,43 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive G: | 75,13 Gb Total Space | 7,22 Gb Free Space | 9,60% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 11,27 Gb Free Space | 5,77% Space Free | Partition Type: NTFS

Computer Name: MOBILE | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.29 22:51:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\new OTL.exe
PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.03.22 00:27:28 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.01 13:05:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe
PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.31 19:23:34 | 000,661,776 | -H-- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.09.10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Modules (No Company Name) ==========

MOD - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe
MOD - [2010.10.22 17:29:54 | 000,133,120 | ---- | M] () -- C:\Program Files\Free Desktop Clock\Clock.dll
MOD - [2010.06.01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2007.06.07 21:11:12 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.24 20:21:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.15 09:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\IGRICE\UltraStar Deluxe\zlportio.sys -- (zlportio)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vsc.sys -- (vsc32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mferkdet.sys -- (mferkdet)
DRV - File not found [Kernel | Boot | Running] -- system32\drivers\mfehidk.sys -- (mfehidk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1151.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\YFH31BF.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdTools.sys -- (amdtools)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.02.18 16:12:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.05.26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009.09.09 14:18:57 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.07.17 02:46:46 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009.06.22 19:38:18 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.04.05 02:33:14 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.05.28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.30 23:41:08 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008.01.30 23:41:08 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.01.30 23:26:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.10.07 05:23:47 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nxsIO32.sys -- (nxsIO32)
DRV - [2007.10.04 05:24:42 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007.07.24 09:45:20 | 000,328,824 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.07.11 10:20:26 | 000,201,848 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007.05.14 23:40:16 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)
DRV - [2007.05.14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.05.10 12:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006.11.23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006.08.14 22:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.06.19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.03.24 18:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.12.22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.12.22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.12.22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005.12.21 11:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005.02.11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.10.26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004.08.11 06:42:28 | 000,454,815 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)
DRV - [2004.08.04 07:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002.09.09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001.08.17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.co...rket={Language}
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...rm=1&toolbar=BT
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.01 13:06:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 20:21:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.08.21 07:32:52 | 000,000,000 | ---D | M]

[2011.01.20 15:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions
[2011.03.23 15:24:57 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
[2012.03.19 22:18:59 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.07.31 00:02:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}(2)
[2009.03.12 01:48:11 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)
[2012.03.30 05:35:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.14 18:24:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2011.11.13 00:21:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3)
[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Curacao) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}(2)
[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.02 02:51:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.03.12 01:48:11 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\nasanightlaunch@example(2).com
[2009.05.15 09:09:38 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\facebook.xml
[2010.09.04 17:08:21 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\google.xml
[2012.04.17 06:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DM5592B1.DEFAULT\EXTENSIONS\BYM@SAVETHEWORLD.ORG.XPI
[2012.04.24 20:21:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Cortona VRML Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012.04.22 16:14:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe ()
O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog....b?1315113466093 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} http://pcpitstop.com...irus/PitPav.cab (AV Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.117.194.2 82.117.194.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A}: DhcpNameServer = 82.117.194.2 82.117.194.3
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.04 05:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.04.30 01:35:14 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.7631.deleteme
[2012.04.30 01:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegistryNuke 2012
[2012.04.30 00:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryNuke 2012
[2012.04.29 21:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.04.27 03:45:06 | 000,000,000 | ---D | C] -- C:\gmer
[2012.04.27 00:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2012.04.27 00:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.04.27 00:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Oracle
[2012.04.27 00:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012.04.27 00:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.27 00:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\jdk1.7.0_04_combo
[2012.04.26 04:23:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.04.25 21:53:47 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012.04.25 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan
[2012.04.25 06:53:24 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2012.04.25 04:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\OxyCube
[2012.04.25 04:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oxygen Software
[2012.04.25 04:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oxygen Software
[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.04.22 21:43:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.04.22 21:43:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.04.22 21:43:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.04.22 21:43:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.04.22 21:42:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.21 07:36:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012.04.17 08:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2012.04.17 08:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\abelhadigital.com
[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
[2012.04.17 06:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.04.16 21:10:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.04.16 20:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.04.15 18:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller
[2012.04.15 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2012.04.14 18:35:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.04.06 16:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-_files
[2012.04.05 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Freemake
[2012.04.05 22:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake
[2012.04.05 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.30 03:09:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job
[2012.04.30 03:09:43 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job
[2012.04.30 02:33:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job
[2012.04.30 02:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.30 02:04:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.04.30 01:35:11 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.7631.deleteme
[2012.04.30 01:29:27 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2012.04.30 01:23:56 | 000,596,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.30 01:23:56 | 000,125,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.30 01:19:28 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.04.30 01:19:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.30 01:18:55 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012.04.30 01:18:50 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.30 01:18:10 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini
[2012.04.30 01:00:04 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryNuke 2012.lnk
[2012.04.30 00:58:45 | 065,404,930 | ---- | M] () -- C:\registry april2012.reg
[2012.04.30 00:58:04 | 162,660,354 | ---- | M] () -- C:\Documents and Settings\User\My Documents\april2012.reg
[2012.04.29 22:53:22 | 000,000,372 | RHS- | M] () -- C:\boot.ini
[2012.04.29 22:33:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job
[2012.04.29 15:34:50 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk
[2012.04.29 06:25:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.04.28 22:36:38 | 000,007,504 | ---- | M] () -- C:\Documents and Settings\User\Desktop\config TP LINK.bin
[2012.04.27 02:36:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.04.26 04:33:30 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk
[2012.04.25 22:56:07 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2012.04.25 22:51:42 | 000,367,166 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2012.04.25 22:51:25 | 000,399,428 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2012.04.25 21:43:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2012.04.25 20:21:08 | 000,112,143 | ---- | M] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf
[2012.04.25 20:20:24 | 000,251,333 | ---- | M] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf
[2012.04.25 20:01:54 | 002,796,446 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG
[2012.04.25 19:26:53 | 000,080,458 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG
[2012.04.25 19:23:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012.04.25 06:56:23 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2012.04.25 04:47:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk
[2012.04.25 03:56:29 | 000,000,332 | ---- | M] () -- C:\WINDOWS\desctemp.dat
[2012.04.25 00:36:08 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012.04.24 08:36:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\My Documents\MBR.dat
[2012.04.23 14:05:31 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
[2012.04.22 16:14:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.04.21 05:18:50 | 000,165,100 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar
[2012.04.19 03:57:21 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.17 23:43:06 | 000,133,224 | ---- | M] () -- C:\Documents and Settings\User\My Documents\krompir.pdf
[2012.04.17 18:38:49 | 000,337,325 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FSS.exe
[2012.04.17 17:43:34 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe
[2012.04.17 08:08:42 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2012.04.17 06:32:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.04.17 06:32:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.04.17 06:28:20 | 000,213,572 | ---- | M] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json
[2012.04.16 21:26:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy of hosts
[2012.04.15 18:31:24 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2012.04.15 18:30:41 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012.04.15 18:30:26 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk
[2012.04.15 12:48:44 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe
[2012.04.13 20:43:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012.04.13 20:43:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012.04.12 19:30:41 | 001,850,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar
[2012.04.12 17:51:11 | 008,876,969 | ---- | M] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip
[2012.04.11 02:40:04 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Readon TV Movie Radio Player.lnk
[2012.04.08 05:53:24 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP-LINK.url
[2012.04.07 22:52:48 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk
[2012.04.07 00:28:56 | 000,042,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg
[2012.04.06 20:38:31 | 000,617,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf
[2012.04.06 17:03:18 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url
[2012.04.06 16:38:11 | 000,139,610 | ---- | M] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm
[2012.04.05 22:39:23 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2012.04.05 22:00:19 | 000,911,499 | ---- | M] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf
[2012.04.05 21:12:30 | 000,058,021 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg
[2012.03.31 23:20:45 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\User\Application Data\room_v3.dat
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.30 01:29:27 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2012.04.30 01:00:04 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryNuke 2012.lnk
[2012.04.30 00:58:28 | 065,404,930 | ---- | C] () -- C:\registry april2012.reg
[2012.04.30 00:56:45 | 162,660,354 | ---- | C] () -- C:\Documents and Settings\User\My Documents\april2012.reg
[2012.04.28 22:36:37 | 000,007,504 | ---- | C] () -- C:\Documents and Settings\User\Desktop\config TP LINK.bin
[2012.04.27 03:44:07 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.exe
[2012.04.26 04:33:30 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk
[2012.04.25 22:55:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012.04.25 22:51:42 | 000,367,166 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache
[2012.04.25 22:51:25 | 000,399,428 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache
[2012.04.25 21:43:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache
[2012.04.25 20:22:25 | 000,251,333 | ---- | C] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf
[2012.04.25 20:22:25 | 000,112,143 | ---- | C] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf
[2012.04.25 19:26:53 | 000,080,458 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG
[2012.04.25 19:25:59 | 002,796,446 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG
[2012.04.25 04:47:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk
[2012.04.25 03:41:27 | 000,000,332 | ---- | C] () -- C:\WINDOWS\desctemp.dat
[2012.04.25 00:36:08 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012.04.25 00:36:08 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012.04.24 08:36:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\My Documents\MBR.dat
[2012.04.22 21:43:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.04.22 21:43:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.04.22 21:43:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.04.22 21:43:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.04.22 21:43:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.04.21 05:18:50 | 000,165,100 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar
[2012.04.17 23:43:16 | 000,133,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\krompir.pdf
[2012.04.17 18:39:21 | 000,337,325 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FSS.exe
[2012.04.17 17:44:08 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe
[2012.04.17 08:08:42 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2012.04.17 06:32:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.04.17 06:32:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.17 06:32:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012.04.17 06:28:20 | 000,213,572 | ---- | C] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json
[2012.04.16 21:10:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012.04.16 21:10:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.04.15 18:31:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc
[2012.04.15 18:30:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2012.04.15 18:30:26 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk
[2012.04.15 12:48:44 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe
[2012.04.12 19:30:40 | 001,850,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar
[2012.04.12 17:50:45 | 008,876,969 | ---- | C] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip
[2012.04.12 14:44:37 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job
[2012.04.07 22:52:48 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk
[2012.04.07 00:28:55 | 000,042,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg
[2012.04.06 20:38:30 | 000,617,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf
[2012.04.06 16:38:10 | 000,139,610 | ---- | C] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm
[2012.04.06 16:08:18 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url
[2012.04.06 12:22:26 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-527237240-725345543-1003-0.dat
[2012.04.06 05:02:56 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012.04.05 22:39:23 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk
[2012.04.05 22:00:19 | 000,911,499 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf
[2012.04.05 20:09:00 | 000,058,021 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg
[2012.01.24 15:37:35 | 000,014,368 | ---- | C] () -- C:\WINDOWS\skype.dat
[2012.01.24 15:37:05 | 000,032,854 | ---- | C] () -- C:\WINDOWS\iniLS.dat
[2012.01.04 20:30:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\nwsrmodn.dll
[2011.12.18 06:53:44 | 000,718,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011.09.05 01:11:49 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini
[2011.08.31 15:38:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2011.08.31 15:19:01 | 000,000,370 | ---- | C] () -- C:\WINDOWS\dorp.dat
[2011.08.08 15:14:26 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.08.08 15:08:40 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011.07.28 16:08:22 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2011.07.18 19:33:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun
[2011.07.04 20:35:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.07.04 20:35:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.07.03 07:12:59 | 000,000,219 | ---- | C] () -- C:\WINDOWS\tropical_beaches1.ini
[2011.07.03 07:12:38 | 000,002,149 | ---- | C] () -- C:\WINDOWS\unins002.dat
[2011.07.03 07:11:01 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\bvcsky.dll
[2011.06.15 05:42:10 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2011.06.15 05:42:10 | 000,004,189 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f
[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f
[2011.06.08 21:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.06.05 23:59:21 | 000,037,556 | ---- | C] () -- C:\WINDOWS\System32\Sylvunins.exe
[2011.06.05 20:40:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\UnInstall Tweety Time V4.exe
[2011.05.28 02:23:58 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat
[2011.05.08 02:09:39 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin
[2011.04.23 18:08:16 | 000,000,212 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2011.04.14 02:09:53 | 000,000,108 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011.03.23 10:26:01 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room.dat
[2011.03.03 12:01:37 | 000,000,652 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011.01.15 12:41:36 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.10.23 21:44:54 | 000,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI
[2010.10.19 05:48:04 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2010.09.29 19:35:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI
[2010.09.14 12:07:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SW_Win2000X9.DLL
[2010.09.14 12:05:54 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL
[2010.09.14 12:05:33 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\beconvlib.dll
[2010.09.14 12:05:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\bprgcomm.dll
[2010.09.14 12:05:33 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2010.09.14 12:05:33 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx151ic.ini
[2010.09.14 12:05:32 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SII_PDF.dll
[2010.09.14 12:05:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2010.09.14 12:05:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2010.09.14 12:05:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe

========== LOP Check ==========

[2012.04.17 06:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
[2007.10.04 05:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010.09.11 19:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2011.10.03 20:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Antenna Magus
[2011.02.22 01:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2010.08.17 13:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010.01.31 19:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010.12.17 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009.11.05 03:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2008.08.31 18:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2008.11.10 19:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cabela's® Big Game Hunter III Saves
[2009.11.18 01:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloanto
[2008.12.17 22:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2011.02.18 16:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2007.12.03 14:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Default
[2011.01.22 12:03:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011.04.04 00:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012.02.12 15:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011.08.21 07:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.09.15 20:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4
[2008.07.25 12:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011.07.01 18:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesForOne
[2010.02.03 05:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXzone
[2010.09.24 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012.01.12 16:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011.11.04 10:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2008.09.21 20:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2011.06.28 13:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011.11.23 21:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeKSoft
[2011.11.23 21:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\o1rdee
[2010.09.24 17:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008.10.27 16:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2011.04.14 00:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010.08.26 17:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011.08.22 14:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon
[2009.11.05 03:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011.04.14 00:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011.04.21 02:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012.01.12 16:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010.08.25 15:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2011.07.28 16:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2011.07.28 16:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011.08.31 14:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2011.04.05 14:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009.05.18 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
[2012.01.12 16:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007.12.03 17:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer
[2010.09.17 20:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011.09.02 00:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
[2009.09.21 06:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X3mE Yamb
[2010.08.08 21:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Z-Software
[2011.08.31 15:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2012.04.21 09:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009.05.28 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30}
[2011.11.23 05:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.purple
[2009.05.31 20:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\123 Free Solitaire
[2011.07.01 17:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\1st Free Solitaire
[2011.11.04 11:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\2K Sports
[2009.12.04 04:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\3DFA
[2011.07.03 07:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\7art
[2012.04.17 06:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\abelhadigital.com
[2007.10.08 00:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ACD Systems
[2008.01.11 11:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Acoustica
[2011.04.03 14:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Activision
[2010.11.05 03:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AKVIS LLC
[2009.03.22 19:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anvil Studio
[2011.01.24 07:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Apowersoft
[2010.06.03 19:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Astro Gemini Software
[2012.04.08 06:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Audacity
[2010.11.04 01:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auto FX Software
[2008.03.17 14:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AvexLab
[2008.08.29 14:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Big Fish Games
[2009.01.09 16:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Black Sea Studios
[2011.10.31 03:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BSplayer Pro
[2008.12.17 03:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ChaosPro
[2011.02.03 17:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Chessmaster Challenge
[2009.08.20 05:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Cloanto
[2007.12.02 16:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ConvertTemp
[2009.12.29 17:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\COWON
[2011.02.27 04:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite
[2011.09.27 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dekart
[2011.06.09 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVD Catalyst 4
[2010.05.30 19:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\elefundesktops
[2009.09.11 17:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Eltima Software
[2010.11.15 14:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\enchant
[2011.08.21 07:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ESET
[2010.09.15 20:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\F4
[2008.04.07 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FDRLab
[2009.05.14 03:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FixerLabs
[2010.06.21 16:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\fltk.org
[2008.09.21 20:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameHouse
[2010.12.17 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameRanger
[2008.07.26 19:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Games
[2008.08.11 00:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GamesCafe
[2011.07.01 18:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GamesForOne
[2012.03.28 06:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011.07.01 18:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Goodsol
[2008.10.27 04:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GrassGames
[2012.04.20 04:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2011.01.20 22:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hornil
[2011.06.25 04:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hoyle
[2010.02.08 20:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hoyle FaceCreator
[2007.12.30 17:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2008.12.22 20:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LEAPS
[2012.02.09 23:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Licenses_
[2011.04.14 23:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LockHunter
[2010.08.27 10:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LolClient
[2008.10.23 01:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MailWasher
[2012.04.29 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MailWasherPro
[2011.07.04 18:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Marine Aquarium 3
[2009.10.05 19:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mikrotik
[2008.10.16 21:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mount&Blade
[2011.02.03 15:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mount&Blade Warband
[2011.06.18 08:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mount&Blade With Fire and Sword
[2010.06.05 10:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mp3tag
[2012.02.12 18:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Need for Speed World
[2009.09.21 04:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Neverball
[2010.09.24 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
[2009.09.04 00:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2012.04.27 00:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2007.10.22 02:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Orbit
[2011.12.15 08:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxelonMC
[2012.04.25 04:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxyCube
[2010.09.24 17:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2008.12.22 20:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Pegasys Inc
[2010.01.30 05:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PhoneRemoteControl
[2008.10.27 16:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2011.04.05 14:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PunkBuster
[2008.08.13 10:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PySolFC
[2010.06.09 23:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\qs
[2012.04.25 20:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2012.03.30 16:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Rovio
[2009.12.01 15:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\runic games
[2007.12.02 16:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Samsung
[2009.09.24 15:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScummVM
[2009.05.28 14:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Seven Zip
[2010.08.25 15:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive
[2011.09.02 00:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Steinberg
[2009.10.29 02:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Synthesia
[2007.12.02 16:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Temporary
[2010.08.17 14:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Creative Assembly
[2011.08.28 01:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Longest Journey
[2010.01.04 04:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thinstall
[2010.11.25 17:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TransRender
[2008.12.08 17:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2008.11.20 16:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubi.com
[2011.04.27 00:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ubisoft
[2009.05.18 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UClick
[2012.01.12 17:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems
[2009.04.03 02:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Uniblue
[2012.04.21 07:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
[2009.10.27 15:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VitySoft
[2012.01.18 20:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso
[2012.02.09 08:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WeatherPulse
[2008.05.06 10:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WNR
[2009.09.21 06:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\X3mE Yamb
[2010.08.08 21:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Z-Software
[2011.08.31 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Zeon
[2012.02.24 13:10:39 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job

========== Purity Check ==========



< End of report >

#71
DejanS

    Regular Member

  • Honorary Members
  • 54 posts
I checked out the PC with Stinger (McAfee). It found one generic type of trojan, Artemis (with lots of numbers in the name). I have the log file; if you want, I can attach it too.
All the best :)

#72
Maniac

    Forum Deity

  • Experts
  • 17,078 posts
  • Gender:Male
  • Location:Bulgaria, EU
Yes, please. Post it in your next reply.

#73
DejanS

    Regular Member

  • Honorary Members
  • 54 posts
McAfee® Labs Stinger™ Version 10.2.0.599 built on Apr 27 2012
Copyright © 2011 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Apr 27 2012.
Ready to scan for 4321 viruses, trojans and variants.

Scan initiated on Sun Apr 29 21:56:49 2012
Rootkit scan result : Not Scanned


Master Boot Record(s):....2
Possibly Infected:.............0
Boot Sector(s):.................5
Possibly Infected: ............0

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76183
Found the Artemis!DAAB7C794B82 trojan !!!
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76183 is infected with the Artemis!DAAB7C794B82 virus !!!
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76183 has been deleted.
C:\Program Files\WSC install\WSCV5\start.exe
Found the Artemis!6890C484BDC2 trojan !!!
C:\Program Files\WSC install\WSCV5\start.exe is infected with the Artemis!6890C484BDC2 virus !!!
C:\Program Files\WSC install\WSCV5\start.exe has been deleted.
C:\Program Files\WSC install\WSCV5.exe\START.EXE
Found the Artemis!6890C484BDC2 trojan !!!
C:\Program Files\WSC install\WSCV5.exe\START.EXE is infected with the Artemis!6890C484BDC2 virus !!!
C:\Program Files\WSC install\WSCV5.exe\START.EXE could not be repaired.
C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP10\A0002633.exe
Found the Artemis!6890C484BDC2 trojan !!!
C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP10\A0002633.exe is infected with the Artemis!6890C484BDC2 virus !!!
C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP10\A0002633.exe has been deleted.
Number of clean files: 663330
Number of infected files: 4
Number of files cleaned: 3

#74
DejanS

    Regular Member

  • Honorary Members
  • 54 posts
I don't know if this will help: I noticed that something doesn't allow continuous outgoing traffic. So, I am able to ping sites, but I cannot do a trace route. I cannot log in to Gmail and some other sites with a login procedure, but I can click while I surf around and all clicks work. But any continuous sending of data is interrupted.
Facebook is a special story: if I clear the cache/cookies in the browser, I will be able to log in, and that would be all I can do on Facebook. Then any click results in an endless 'waiting for www.facebook.com/...'
It seems I collected some rare beast :)

#75
DejanS

    Regular Member

  • Honorary Members
  • 54 posts
C:\Documents and Settings\User\My Documents\2007822041014.zip a variant of Win32/TFTPD32.B application deleted - quarantined
C:\Program Files\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined
C:\Program Files\Transcribe!\Transcribe 7.xx for Windows Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP13\A0002783.exe Win32/PSWTool.PassFox.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP13\A0002789.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined
C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP13\A0002790.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
D:\Room.Arranger.v5.01.Multilingual-DVT.zip a variant of Win32/HackTool.Patcher.F application deleted - quarantined
D:\roomarrangerv5.01patchdevotion.zip a variant of Win32/HackTool.Patcher.F application deleted - quarantined
D:\IGRICE\Mount&Blade\m&b_loader.exe probably a variant of Win32/HackTool.Patcher.N application cleaned by deleting - quarantined
D:\IGRICE\Valve\Super Simple Wall v2.1\SSWv2.1.exe probably a variant of Win32/DllInject.E application cleaned by deleting - quarantined
D:\IGRICE\Warcraft III\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
D:\NEW DOWNLOADS 4\badboy51\BAd BOy\BaDBoYv5.dll a variant of Win32/GameHack.Q application cleaned by deleting - quarantined
D:\NEW DOWNLOADS 4\badboy51\BAd BOy\BaDBoYv5.exe probably a variant of Win32/DllInject.E application cleaned by deleting - quarantined
D:\NEW DOWNLOADS 4\Sound Forge 7\keygen.exe a variant of Win32/Keygen.AQ application cleaned by deleting - quarantined
D:\NEW DOWNLOADS 4\Super Simple Wall v2.1\Super Simple Wall v2.1\SSWv2.1.exe probably a variant of Win32/DllInject.E application cleaned by deleting - quarantined
D:\NEW DOWNLOADS 5\UltraSurf 9.5\u95.exe a variant of Win32/UltraReach.AC application cleaned by deleting - quarantined
D:\Room.Arranger.v5.01.Multilingual-DVT\Room.Arranger.v5.01.Multilingual-DVT\DVT\PATCH.EXE a variant of Win32/HackTool.Patcher.F application cleaned by deleting - quarantined
D:\roomarrangerv5.01patchdevotion\Room.Arranger.v5.01.Multilingual-DVT\DVT\PATCH.EXE a variant of Win32/HackTool.Patcher.F application cleaned by deleting - quarantined
D:\Torrent Downloads\Spyware_Doctor_v5.1.0.273\Keygen\Keygen.exe a variant of Win32/Keygen.BP application cleaned by deleting - quarantined
F:\Download arhiva 5\mb_loader.zip probably a variant of Win32/HackTool.Patcher.N application deleted - quarantined
F:\MAXTOR F PARTICIJA\ARHIVA STARI KOMPJUTER\Transcribe!\snd-transcribe7.xxforwindows.universalpatch.zip a variant of Win32/HackTool.Patcher.A application deleted - quarantined
F:\MAXTOR F PARTICIJA\ARHIVA STARI KOMPJUTER\Transcribe!\Transcribe 7.xx for Windows Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
F:\MAXTOR F PARTICIJA\ARHIVA STARI KOMPJUTER\Transcribe!\snd-transcribe7.xxforwindows.universalpatch\Transcribe 7.xx for Windows Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
F:\MAXTOR H PARTICIJA\My Documents\00 NOVE STVARI\2freeripmp3.exe Win32/AdInstaller application deleted - quarantined
F:\MAXTOR H PARTICIJA\My Documents\DAP Downloads\pz-rhdoctrn3.zip a variant of Win32/GameHack.S application deleted - quarantined
F:\MAXTOR H PARTICIJA\My Documents\DAP Downloads\pz-rhdoctrn3\pztrain.exe a variant of Win32/GameHack.S application cleaned by deleting - quarantined
F:\MAXTOR H PARTICIJA\New Disk 3\metro.exe Win32/Joke.SlideScreen application cleaned by deleting - quarantined
F:\MAXTOR H PARTICIJA\New Disk 3\Viagra.exe Win32/Joke.VirtualViagra.A application cleaned by deleting - quarantined
F:\Nero 6.6.0.13\Keygen.exe a variant of Win32/Keygen.CY application cleaned by deleting - quarantined
F:\New Torents\Perfect Uninstaller 6.3.3.8 + Serial -TrT\PerfectUninstaller_Setup.exe a variant of Win32/PerfectUninstaller application deleted - quarantined
F:\RAZNO\AudioProc.v1.81.Plugin.for.Winamp.WinAll.Incl.Keygen.rar.part a variant of Win32/Keygen.AK application deleted - quarantined
F:\RAZNO\call.of.duty.2.keygen-tsrh.zip a variant of Win32/Keygen.CU application deleted - quarantined
F:\RAZNO\PerfectUninstaller_Setup.exe a variant of Win32/PerfectUninstaller application deleted - quarantined
F:\RAZNO\SUPERsetup.exe Win32/OpenCandy application deleted - quarantined
F:\RAZNO\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application deleted - quarantined
F:\RAZNO\call.of.duty.2.keygen-tsrh\keygen.exe a variant of Win32/Keygen.CU application cleaned by deleting - quarantined
F:\RAZNO\passwordfox\PasswordFox.exe Win32/PSWTool.PassFox.A application cleaned by deleting - quarantined
F:\RAZNO\PhotoKit for Adobe Photoshop v1.2.9-2\PhotoKit for Adobe Photoshop v1.2.9\PhotoKit for Adobe Photoshop v1.2.9\bonus\Trojan_Remover_6.8.2_Build_2596.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined
G:\Downloads\Adobe_Photoshop_Lightroom_v3.6_Multilingual_Portable.rar a variant of Win32/Keygen.BH application deleted - quarantined
G:\Downloads\Adobe_Photoshop_Lightroom_v3.6_Multilingual_Portable\Adobe Photoshop Lightroom v3.6 Multilingual Portable\hosts patch\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined
H:\Angry.Birds.Space.v1.0.0.cracked-THETA.zip a variant of Win32/HackTool.Patcher.U application deleted - quarantined
H:\DTLite4453-0297.exe Win32/OpenCandy application deleted - quarantined
H:\Angry.Birds.Space.v1.0.0.cracked-THETA\Angry.Birds.Space.v1.0.0.cracked-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application cleaned by deleting - quarantined
H:\IGRICE\KONAMI\Pro Evolution Soccer 2012\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined

Situation is, unfortunately, the same...

#76
DejanS

    Regular Member

  • Honorary Members
  • 54 posts
Up there I attached new Eset online scanner's log.

Situation is the same...

Any ideas?

#77
Maniac

    Forum Deity

  • Experts
  • 17,078 posts
  • Gender:Male
  • Location:Bulgaria, EU
This case is in deadlock. The problem is that you have voluntarily used a huge amount of illegal software, even when it comes to your antivirus program. I do not think there is a better, safer and overall solution than to reinstall your operating system. You can do so to get rid of all this illegal software, get the outset measures against malicious software to be relaxed. The rules do not allow me to help you here when there is so much illegal software, and you have a huge amount. Do a full format of your hard drive and then follow the advice here on how to take the necessary protective measures quickly after the change:
http://forums.malwar...=0

#78
DejanS

    Regular Member

  • Honorary Members
  • 54 posts
Ok :)
I thank you for your efforts and time.
I hope you don't see it as wasted...
All the best!
D.

#79
Maniac

    Forum Deity

  • Experts
  • 17,078 posts
  • Gender:Male
  • Location:Bulgaria, EU
Neither case is a waste of time. Always there are important lessons which we can derive both from your side, and from my side. I hope I was helpful with something.

Good luck! :)

#80
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 13,194 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
@DejanS
do a clean (new) Windows Install:
Before you do that, make sure you have at hand the Windows XP CD and also, a fresh new copy of your antivirus that is downloaded from a clean pc and saved on transportable-media (CD-DVD or clean thumb drive).
When you are at point of re-installing o.s., I'd recommend you have the pc disconnected from internet until after the o.s. is installed, plus the antivirus is fully setup and running.
See Windows XP Clean Installation - Partitioning and Formatting using Windows XP CD by Ramesh Srinivasan, MS-MVP & AumHa VSOP
Also Clean Install Windows by Michael Stevens, MS-MVP
I would urge you to follow the directions very carefully.
You will lose your documents, so if you have some to save, offload them to a separate offline media. And later on ensure you do a full scan of them by running your antivirus.

NOTE: If XP CD is from a pc manufacturer, and they bundled an AV like McAfee or Norton/Symantec trial versions, immediately de-install those, since they will be outdated & of no use. Install your antivirus immediately after.

And get and install Service Pack 3 for Windows XP !!
Other security references at Microsoft
4 steps to protect your computer
How to boost your malware defense and protect your PC

This topic is closed.

Edited by Maurice Naggar, 01 May 2012 - 10:28 AM.

~Maurice Naggar

I close my threads if there is 5 days without a response.




