DejanS

Honorary Members
  • Content count

    54
  • Joined

  • Last visited

About DejanS

  • Rank
    Regular Member
  1. Ok I thank you for your efforts and time. I hope you don't see it as wasted... All the best! D.
  2. Up there I attached new Eset online scanner's log. Situation is the same... Any ideas?
  3. C:\Documents and Settings\User\My Documents\2007822041014.zip a variant of Win32/TFTPD32.B application deleted - quarantined C:\Program Files\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined C:\Program Files\Transcribe!\Transcribe 7.xx for Windows Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP13\A0002783.exe Win32/PSWTool.PassFox.A application cleaned by deleting - quarantined C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP13\A0002789.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP13\A0002790.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined D:\Room.Arranger.v5.01.Multilingual-DVT.zip a variant of Win32/HackTool.Patcher.F application deleted - quarantined D:\roomarrangerv5.01patchdevotion.zip a variant of Win32/HackTool.Patcher.F application deleted - quarantined D:\IGRICE\Mount&Blade\m&b_loader.exe probably a variant of Win32/HackTool.Patcher.N application cleaned by deleting - quarantined D:\IGRICE\Valve\Super Simple Wall v2.1\SSWv2.1.exe probably a variant of Win32/DllInject.E application cleaned by deleting - quarantined D:\IGRICE\Warcraft III\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined D:\NEW DOWNLOADS 4\badboy51\BAd BOy\BaDBoYv5.dll a variant of Win32/GameHack.Q application cleaned by deleting - quarantined D:\NEW DOWNLOADS 4\badboy51\BAd BOy\BaDBoYv5.exe probably a variant of Win32/DllInject.E application cleaned by deleting - quarantined D:\NEW DOWNLOADS 4\Sound Forge 7\keygen.exe a variant of Win32/Keygen.AQ application cleaned by deleting - quarantined D:\NEW DOWNLOADS 4\Super Simple Wall v2.1\Super Simple Wall v2.1\SSWv2.1.exe probably a variant of Win32/DllInject.E application cleaned by deleting - quarantined D:\NEW DOWNLOADS 5\UltraSurf 9.5\u95.exe a variant of Win32/UltraReach.AC application cleaned by deleting - quarantined D:\Room.Arranger.v5.01.Multilingual-DVT\Room.Arranger.v5.01.Multilingual-DVT\DVT\PATCH.EXE a variant of Win32/HackTool.Patcher.F application cleaned by deleting - quarantined D:\roomarrangerv5.01patchdevotion\Room.Arranger.v5.01.Multilingual-DVT\DVT\PATCH.EXE a variant of Win32/HackTool.Patcher.F application cleaned by deleting - quarantined D:\Torrent Downloads\Spyware_Doctor_v5.1.0.273\Keygen\Keygen.exe a variant of Win32/Keygen.BP application cleaned by deleting - quarantined F:\Download arhiva 5\mb_loader.zip probably a variant of Win32/HackTool.Patcher.N application deleted - quarantined F:\MAXTOR F PARTICIJA\ARHIVA STARI KOMPJUTER\Transcribe!\snd-transcribe7.xxforwindows.universalpatch.zip a variant of Win32/HackTool.Patcher.A application deleted - quarantined F:\MAXTOR F PARTICIJA\ARHIVA STARI KOMPJUTER\Transcribe!\Transcribe 7.xx for Windows Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined F:\MAXTOR F PARTICIJA\ARHIVA STARI KOMPJUTER\Transcribe!\snd-transcribe7.xxforwindows.universalpatch\Transcribe 7.xx for Windows Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined F:\MAXTOR H PARTICIJA\My Documents\00 NOVE STVARI\2freeripmp3.exe Win32/AdInstaller application deleted - quarantined F:\MAXTOR H PARTICIJA\My Documents\DAP Downloads\pz-rhdoctrn3.zip a variant of Win32/GameHack.S application deleted - quarantined F:\MAXTOR H PARTICIJA\My Documents\DAP Downloads\pz-rhdoctrn3\pztrain.exe a variant of Win32/GameHack.S application cleaned by deleting - quarantined F:\MAXTOR H PARTICIJA\New Disk 3\metro.exe Win32/Joke.SlideScreen application cleaned by deleting - quarantined F:\MAXTOR H PARTICIJA\New Disk 3\Viagra.exe Win32/Joke.VirtualViagra.A application cleaned by deleting - quarantined F:\Nero 6.6.0.13\Keygen.exe a variant of Win32/Keygen.CY application cleaned by deleting - quarantined F:\New Torents\Perfect Uninstaller 6.3.3.8 + Serial -TrT\PerfectUninstaller_Setup.exe a variant of Win32/PerfectUninstaller application deleted - quarantined F:\RAZNO\AudioProc.v1.81.Plugin.for.Winamp.WinAll.Incl.Keygen.rar.part a variant of Win32/Keygen.AK application deleted - quarantined F:\RAZNO\call.of.duty.2.keygen-tsrh.zip a variant of Win32/Keygen.CU application deleted - quarantined F:\RAZNO\PerfectUninstaller_Setup.exe a variant of Win32/PerfectUninstaller application deleted - quarantined F:\RAZNO\SUPERsetup.exe Win32/OpenCandy application deleted - quarantined F:\RAZNO\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application deleted - quarantined F:\RAZNO\call.of.duty.2.keygen-tsrh\keygen.exe a variant of Win32/Keygen.CU application cleaned by deleting - quarantined F:\RAZNO\passwordfox\PasswordFox.exe Win32/PSWTool.PassFox.A application cleaned by deleting - quarantined F:\RAZNO\PhotoKit for Adobe Photoshop v1.2.9-2\PhotoKit for Adobe Photoshop v1.2.9\PhotoKit for Adobe Photoshop v1.2.9\bonus\Trojan_Remover_6.8.2_Build_2596.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined G:\Downloads\Adobe_Photoshop_Lightroom_v3.6_Multilingual_Portable.rar a variant of Win32/Keygen.BH application deleted - quarantined G:\Downloads\Adobe_Photoshop_Lightroom_v3.6_Multilingual_Portable\Adobe Photoshop Lightroom v3.6 Multilingual Portable\hosts patch\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined H:\Angry.Birds.Space.v1.0.0.cracked-THETA.zip a variant of Win32/HackTool.Patcher.U application deleted - quarantined H:\DTLite4453-0297.exe Win32/OpenCandy application deleted - quarantined H:\Angry.Birds.Space.v1.0.0.cracked-THETA\Angry.Birds.Space.v1.0.0.cracked-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application cleaned by deleting - quarantined H:\IGRICE\KONAMI\Pro Evolution Soccer 2012\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined Situation is, unfortunatelly, the same...
  4. I don't know if this will help: I noticed that something doesn't allow continious outgoing traffic. So, I am able to ping sites, but I cannot do trace route. I cannot log in to gmail and some other sites with login procedure, but I can click while I surf around and all clicks works. But, any continious sending data is interupted. Facebook is special story-if I clear cash/cookies in browser, I will be able to log in and that would be all I can do on Facebook. Then, any click result in endless 'waiting for www.facebook.com/...' It seems I collected some rare beast
  5. McAfee® Labs Stinger Version 10.2.0.599 built on Apr 27 2012 Copyright © 2011 McAfee, Inc. All Rights Reserved. Virus data file v1000.0000 created on Apr 27 2012. Ready to scan for 4321 viruses, trojans and variants. Scan initiated on Sun Apr 29 21:56:49 2012 Rootkit scan result : Not Scanned Master Boot Record(s):....2 Possibly Infected:.............0 Boot Sector(s):.................5 Possibly Infected: ............0 C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76183 Found the Artemis!DAAB7C794B82 trojan !!! C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76183 is infected with the Artemis!DAAB7C794B82 virus !!! C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76183 has been deleted. C:\Program Files\WSC install\WSCV5\start.exe Found the Artemis!6890C484BDC2 trojan !!! C:\Program Files\WSC install\WSCV5\start.exe is infected with the Artemis!6890C484BDC2 virus !!! C:\Program Files\WSC install\WSCV5\start.exe has been deleted. C:\Program Files\WSC install\WSCV5.exe\START.EXE Found the Artemis!6890C484BDC2 trojan !!! C:\Program Files\WSC install\WSCV5.exe\START.EXE is infected with the Artemis!6890C484BDC2 virus !!! C:\Program Files\WSC install\WSCV5.exe\START.EXE could not be repaired. C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP10\A0002633.exe Found the Artemis!6890C484BDC2 trojan !!! C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP10\A0002633.exe is infected with the Artemis!6890C484BDC2 virus !!! C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP10\A0002633.exe has been deleted. Number of clean files: 663330 Number of infected files: 4 Number of files cleaned: 3
  6. I checked out pc with Stinger (MC Afee). It found one generic type of trojan, Artemis (with lots of numbers in name). I have log file, if you want I can attach it too. All the best
  7. OTL logfile created on: 30.4.2012 3:12:42 - Run 3 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\User\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C1A | Country: Serbia and Montenegro | Language: SRB | Date Format: d.M.yyyy 2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,36% Memory free 4,78 Gb Paging File | 4,17 Gb Available in Paging File | 87,24% Paging File free Paging file location(s): C:\pagefile.sys 3000 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 1,52 Gb Free Space | 3,11% Space Free | Partition Type: NTFS Drive D: | 184,05 Gb Total Space | 5,25 Gb Free Space | 2,85% Space Free | Partition Type: NTFS Drive F: | 195,31 Gb Total Space | 6,43 Gb Free Space | 3,29% Space Free | Partition Type: NTFS Drive G: | 75,13 Gb Total Space | 7,22 Gb Free Space | 9,60% Space Free | Partition Type: NTFS Drive H: | 195,31 Gb Total Space | 11,27 Gb Free Space | 5,77% Space Free | Partition Type: NTFS Computer Name: MOBILE | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.29 22:51:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\new OTL.exe PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.03.22 00:27:28 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.06.01 13:05:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe PRC - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010.01.31 19:23:34 | 000,661,776 | -H-- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2007.09.10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE PRC - [2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.05.15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe ========== Modules (No Company Name) ========== MOD - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe MOD - [2010.10.22 17:29:54 | 000,133,120 | ---- | M] () -- C:\Program Files\Free Desktop Clock\Clock.dll MOD - [2010.06.01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll MOD - [2007.06.07 21:11:12 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll MOD - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.04.24 20:21:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.03.15 09:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- D:\IGRICE\UltraStar Deluxe\zlportio.sys -- (zlportio) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vsc.sys -- (vsc32) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\WNt500x86\Sandra.sys -- (SANDRA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mferkdet.sys -- (mferkdet) DRV - File not found [Kernel | Boot | Running] -- system32\drivers\mfehidk.sys -- (mfehidk) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1151.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\YFH31BF.tmp -- (GarenaPEngine) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdTools.sys -- (amdtools) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO) DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.02.18 16:12:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw) DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis) DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi) DRV - [2010.05.26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks) DRV - [2009.09.09 14:18:57 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009.07.17 02:46:46 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm) DRV - [2009.06.22 19:38:18 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.06.22 19:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.04.05 02:33:14 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2008.05.28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2008.01.30 23:41:08 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2008.01.30 23:41:08 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.01.30 23:26:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2007.10.07 05:23:47 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nxsIO32.sys -- (nxsIO32) DRV - [2007.10.04 05:24:42 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2007.07.24 09:45:20 | 000,328,824 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007.07.11 10:20:26 | 000,201,848 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007.05.14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007.05.14 23:40:16 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt) DRV - [2007.05.14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007.05.10 12:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum) DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2006.11.23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006.08.14 22:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.06.19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006.03.24 18:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005.12.22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005.12.22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005.12.22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2005.12.21 11:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2005.08.30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2005.08.30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2005.08.30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2005.02.11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004.10.26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO) DRV - [2004.08.11 06:42:28 | 000,454,815 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50) DRV - [2004.08.04 07:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5) DRV - [2002.09.09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5) DRV - [2001.08.17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/ IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}&src=IE-SearchBox&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}'>http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}&src=IE-SearchBox&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language} IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms} IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.rs/" FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.01 13:06:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 20:21:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.08.21 07:32:52 | 000,000,000 | ---D | M] [2011.01.20 15:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions [2012.04.25 19:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions [2011.03.23 15:24:57 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b} [2012.03.19 22:18:59 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2010.07.31 00:02:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}(2) [2009.03.12 01:48:11 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2) [2012.03.30 05:35:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.06.14 18:24:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2011.11.13 00:21:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3) [2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Curacao) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}(2) [2012.04.25 19:54:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.03.02 02:51:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009.03.12 01:48:11 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\nasanightlaunch@example(2).com [2009.05.15 09:09:38 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\facebook.xml [2010.09.04 17:08:21 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\google.xml [2012.04.17 06:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DM5592B1.DEFAULT\EXTENSIONS\BYM@SAVETHEWORLD.ORG.XPI [2012.04.24 20:21:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Cortona VRML Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCortona.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2012.04.22 16:14:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - No CLSID value found. O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe () O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe () O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093 (MUCatalogWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} http://pcpitstop.com/antivirus/PitPav.cab (AV Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.117.194.2 82.117.194.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A}: DhcpNameServer = 82.117.194.2 82.117.194.3 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.10.04 05:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.04.30 01:35:14 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.7631.deleteme [2012.04.30 01:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegistryNuke 2012 [2012.04.30 00:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryNuke 2012 [2012.04.29 21:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2012.04.27 03:45:06 | 000,000,000 | ---D | C] -- C:\gmer [2012.04.27 00:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun [2012.04.27 00:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.04.27 00:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Oracle [2012.04.27 00:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2012.04.27 00:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.04.27 00:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\jdk1.7.0_04_combo [2012.04.26 04:23:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.04.25 21:53:47 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2012.04.25 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan [2012.04.25 06:53:24 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys [2012.04.25 04:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\OxyCube [2012.04.25 04:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oxygen Software [2012.04.25 04:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oxygen Software [2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012.04.22 21:43:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.04.22 21:43:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.04.22 21:43:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.04.22 21:43:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.04.22 21:42:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.04.21 07:36:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent [2012.04.17 08:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis [2012.04.17 08:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\abelhadigital.com [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com [2012.04.17 06:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.04.16 21:10:23 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.04.16 20:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012.04.15 18:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller [2012.04.15 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller [2012.04.14 18:35:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.04.06 16:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-_files [2012.04.05 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Freemake [2012.04.05 22:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake [2012.04.05 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.30 03:09:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job [2012.04.30 03:09:43 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job [2012.04.30 02:33:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job [2012.04.30 02:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.30 02:04:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.04.30 01:35:11 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.7631.deleteme [2012.04.30 01:29:27 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job [2012.04.30 01:23:56 | 000,596,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.30 01:23:56 | 000,125,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.30 01:19:28 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.04.30 01:19:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.30 01:18:55 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.30 01:18:50 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys [2012.04.30 01:18:10 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini [2012.04.30 01:00:04 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryNuke 2012.lnk [2012.04.30 00:58:45 | 065,404,930 | ---- | M] () -- C:\registry april2012.reg [2012.04.30 00:58:04 | 162,660,354 | ---- | M] () -- C:\Documents and Settings\User\My Documents\april2012.reg [2012.04.29 22:53:22 | 000,000,372 | RHS- | M] () -- C:\boot.ini [2012.04.29 22:33:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job [2012.04.29 15:34:50 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk [2012.04.29 06:25:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.28 22:36:38 | 000,007,504 | ---- | M] () -- C:\Documents and Settings\User\Desktop\config TP LINK.bin [2012.04.27 02:36:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.04.26 04:33:30 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk [2012.04.25 22:56:07 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe [2012.04.25 22:51:42 | 000,367,166 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache [2012.04.25 22:51:25 | 000,399,428 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache [2012.04.25 21:43:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache [2012.04.25 20:21:08 | 000,112,143 | ---- | M] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf [2012.04.25 20:20:24 | 000,251,333 | ---- | M] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf [2012.04.25 20:01:54 | 002,796,446 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG [2012.04.25 19:26:53 | 000,080,458 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG [2012.04.25 19:23:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2012.04.25 06:56:23 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys [2012.04.25 04:47:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk [2012.04.25 03:56:29 | 000,000,332 | ---- | M] () -- C:\WINDOWS\desctemp.dat [2012.04.25 00:36:08 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2012.04.24 08:36:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\My Documents\MBR.dat [2012.04.23 14:05:31 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk [2012.04.22 16:14:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.04.21 05:18:50 | 000,165,100 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar [2012.04.19 03:57:21 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.17 23:43:06 | 000,133,224 | ---- | M] () -- C:\Documents and Settings\User\My Documents\krompir.pdf [2012.04.17 18:38:49 | 000,337,325 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FSS.exe [2012.04.17 17:43:34 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe [2012.04.17 08:08:42 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk [2012.04.17 06:32:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012.04.17 06:32:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012.04.17 06:28:20 | 000,213,572 | ---- | M] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json [2012.04.16 21:26:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy of hosts [2012.04.15 18:31:24 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc [2012.04.15 18:30:41 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie [2012.04.15 18:30:26 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk [2012.04.15 12:48:44 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe [2012.04.13 20:43:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.04.13 20:43:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.04.12 19:30:41 | 001,850,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar [2012.04.12 17:51:11 | 008,876,969 | ---- | M] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip [2012.04.11 02:40:04 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Readon TV Movie Radio Player.lnk [2012.04.08 05:53:24 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP-LINK.url [2012.04.07 22:52:48 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk [2012.04.07 00:28:56 | 000,042,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg [2012.04.06 20:38:31 | 000,617,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf [2012.04.06 17:03:18 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url [2012.04.06 16:38:11 | 000,139,610 | ---- | M] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm [2012.04.05 22:39:23 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk [2012.04.05 22:00:19 | 000,911,499 | ---- | M] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf [2012.04.05 21:12:30 | 000,058,021 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg [2012.03.31 23:20:45 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\User\Application Data\room_v3.dat [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.30 01:29:27 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job [2012.04.30 01:00:04 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryNuke 2012.lnk [2012.04.30 00:58:28 | 065,404,930 | ---- | C] () -- C:\registry april2012.reg [2012.04.30 00:56:45 | 162,660,354 | ---- | C] () -- C:\Documents and Settings\User\My Documents\april2012.reg [2012.04.28 22:36:37 | 000,007,504 | ---- | C] () -- C:\Documents and Settings\User\Desktop\config TP LINK.bin [2012.04.27 03:44:07 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.exe [2012.04.26 04:33:30 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk [2012.04.25 22:55:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe [2012.04.25 22:51:42 | 000,367,166 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache [2012.04.25 22:51:25 | 000,399,428 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache [2012.04.25 21:43:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache [2012.04.25 20:22:25 | 000,251,333 | ---- | C] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf [2012.04.25 20:22:25 | 000,112,143 | ---- | C] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf [2012.04.25 19:26:53 | 000,080,458 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG [2012.04.25 19:25:59 | 002,796,446 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG [2012.04.25 04:47:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk [2012.04.25 03:41:27 | 000,000,332 | ---- | C] () -- C:\WINDOWS\desctemp.dat [2012.04.25 00:36:08 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2012.04.25 00:36:08 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2012.04.24 08:36:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\My Documents\MBR.dat [2012.04.22 21:43:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.04.22 21:43:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.04.22 21:43:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.04.22 21:43:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.04.22 21:43:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.04.21 05:18:50 | 000,165,100 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar [2012.04.17 23:43:16 | 000,133,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\krompir.pdf [2012.04.17 18:39:21 | 000,337,325 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FSS.exe [2012.04.17 17:44:08 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe [2012.04.17 08:08:42 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk [2012.04.17 06:32:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012.04.17 06:32:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2012.04.17 06:32:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012.04.17 06:28:20 | 000,213,572 | ---- | C] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json [2012.04.16 21:10:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012.04.16 21:10:28 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012.04.15 18:31:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc [2012.04.15 18:30:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie [2012.04.15 18:30:26 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk [2012.04.15 12:48:44 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe [2012.04.12 19:30:40 | 001,850,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar [2012.04.12 17:50:45 | 008,876,969 | ---- | C] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip [2012.04.12 14:44:37 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job [2012.04.07 22:52:48 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk [2012.04.07 00:28:55 | 000,042,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg [2012.04.06 20:38:30 | 000,617,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf [2012.04.06 16:38:10 | 000,139,610 | ---- | C] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm [2012.04.06 16:08:18 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url [2012.04.06 12:22:26 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-527237240-725345543-1003-0.dat [2012.04.06 05:02:56 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012.04.05 22:39:23 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk [2012.04.05 22:00:19 | 000,911,499 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf [2012.04.05 20:09:00 | 000,058,021 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg [2012.01.24 15:37:35 | 000,014,368 | ---- | C] () -- C:\WINDOWS\skype.dat [2012.01.24 15:37:05 | 000,032,854 | ---- | C] () -- C:\WINDOWS\iniLS.dat [2012.01.04 20:30:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\nwsrmodn.dll [2011.12.18 06:53:44 | 000,718,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011.09.05 01:11:49 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini [2011.08.31 15:38:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI [2011.08.31 15:19:01 | 000,000,370 | ---- | C] () -- C:\WINDOWS\dorp.dat [2011.08.08 15:14:26 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.08.08 15:08:40 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2011.07.28 16:08:22 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys [2011.07.18 19:33:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun [2011.07.04 20:35:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.07.04 20:35:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.07.03 07:12:59 | 000,000,219 | ---- | C] () -- C:\WINDOWS\tropical_beaches1.ini [2011.07.03 07:12:38 | 000,002,149 | ---- | C] () -- C:\WINDOWS\unins002.dat [2011.07.03 07:11:01 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\bvcsky.dll [2011.06.15 05:42:10 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins001.exe [2011.06.15 05:42:10 | 000,004,189 | ---- | C] () -- C:\WINDOWS\unins001.dat [2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f [2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f [2011.06.08 21:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.06.05 23:59:21 | 000,037,556 | ---- | C] () -- C:\WINDOWS\System32\Sylvunins.exe [2011.06.05 20:40:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\UnInstall Tweety Time V4.exe [2011.05.28 02:23:58 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat [2011.05.08 02:09:39 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin [2011.04.23 18:08:16 | 000,000,212 | ---- | C] () -- C:\WINDOWS\topocr.INI [2011.04.14 02:09:53 | 000,000,108 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.03.23 10:26:01 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room.dat [2011.03.03 12:01:37 | 000,000,652 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011.01.15 12:41:36 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini [2010.10.23 21:44:54 | 000,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI [2010.10.19 05:48:04 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Readiris.ini [2010.09.29 19:35:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI [2010.09.14 12:07:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SW_Win2000X9.DLL [2010.09.14 12:05:54 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL [2010.09.14 12:05:33 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\beconvlib.dll [2010.09.14 12:05:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\bprgcomm.dll [2010.09.14 12:05:33 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll [2010.09.14 12:05:33 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx151ic.ini [2010.09.14 12:05:32 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SII_PDF.dll [2010.09.14 12:05:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll [2010.09.14 12:05:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll [2010.09.14 12:05:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe ========== LOP Check ========== [2012.04.17 06:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com [2007.10.04 05:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems [2010.09.11 19:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision [2011.10.03 20:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Antenna Magus [2011.02.22 01:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem [2010.08.17 13:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare [2010.01.31 19:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth [2010.12.17 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2009.11.05 03:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software [2008.08.31 18:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games [2008.11.10 19:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cabela's® Big Game Hunter III Saves [2009.11.18 01:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloanto [2008.12.17 22:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters [2011.02.18 16:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2007.12.03 14:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Default [2011.01.22 12:03:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS [2011.04.04 00:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core [2012.02.12 15:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2011.08.21 07:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2010.09.15 20:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4 [2008.07.25 12:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios [2011.07.01 18:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesForOne [2010.02.03 05:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXzone [2010.09.24 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2012.01.12 16:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo [2011.11.04 10:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI [2008.09.21 20:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 [2011.06.28 13:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments [2011.11.23 21:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeKSoft [2011.11.23 21:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\o1rdee [2010.09.24 17:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2008.10.27 16:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2011.04.14 00:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment [2010.08.26 17:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2011.08.22 14:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon [2009.11.05 03:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited [2011.04.14 00:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2011.04.21 02:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2012.01.12 16:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc [2010.08.25 15:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive [2011.07.28 16:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg [2011.07.28 16:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft [2011.08.31 14:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited [2011.04.05 14:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft [2009.05.18 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick [2012.01.12 16:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2007.12.03 17:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer [2010.09.17 20:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk [2011.09.02 00:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets [2009.09.21 06:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X3mE Yamb [2010.08.08 21:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Z-Software [2011.08.31 15:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon [2012.04.21 09:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} [2009.05.28 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30} [2011.11.23 05:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.purple [2009.05.31 20:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\123 Free Solitaire [2011.07.01 17:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\1st Free Solitaire [2011.11.04 11:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\2K Sports [2009.12.04 04:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\3DFA [2011.07.03 07:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\7art [2012.04.17 06:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\abelhadigital.com [2007.10.08 00:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ACD Systems [2008.01.11 11:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Acoustica [2011.04.03 14:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Activision [2010.11.05 03:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AKVIS LLC [2009.03.22 19:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anvil Studio [2011.01.24 07:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Apowersoft [2010.06.03 19:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Astro Gemini Software [2012.04.08 06:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Audacity [2010.11.04 01:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auto FX Software [2008.03.17 14:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AvexLab [2008.08.29 14:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Big Fish Games [2009.01.09 16:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Black Sea Studios [2011.10.31 03:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BSplayer Pro [2008.12.17 03:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ChaosPro [2011.02.03 17:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Chessmaster Challenge [2009.08.20 05:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Cloanto [2007.12.02 16:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ConvertTemp [2009.12.29 17:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\COWON [2011.02.27 04:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite [2011.09.27 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dekart [2011.06.09 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVD Catalyst 4 [2010.05.30 19:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\elefundesktops [2009.09.11 17:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Eltima Software [2010.11.15 14:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\enchant [2011.08.21 07:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ESET [2010.09.15 20:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\F4 [2008.04.07 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FDRLab [2009.05.14 03:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FixerLabs [2010.06.21 16:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\fltk.org [2008.09.21 20:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameHouse [2010.12.17 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameRanger [2008.07.26 19:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Games [2008.08.11 00:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GamesCafe [2011.07.01 18:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GamesForOne [2012.03.28 06:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo [2011.07.01 18:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Goodsol [2008.10.27 04:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GrassGames [2012.04.20 04:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0 [2011.01.20 22:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hornil [2011.06.25 04:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hoyle [2010.02.08 20:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hoyle FaceCreator [2007.12.30 17:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech [2008.12.22 20:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LEAPS [2012.02.09 23:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Licenses_ [2011.04.14 23:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LockHunter [2010.08.27 10:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LolClient [2008.10.23 01:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MailWasher [2012.04.29 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MailWasherPro [2011.07.04 18:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Marine Aquarium 3 [2009.10.05 19:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mikrotik [2008.10.16 21:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mount&Blade [2011.02.03 15:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mount&Blade Warband [2011.06.18 08:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mount&Blade With Fire and Sword [2010.06.05 10:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mp3tag [2012.02.12 18:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Need for Speed World [2009.09.21 04:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Neverball [2010.09.24 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia [2009.09.04 00:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera [2012.04.27 00:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle [2007.10.22 02:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Orbit [2011.12.15 08:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxelonMC [2012.04.25 04:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxyCube [2010.09.24 17:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite [2008.12.22 20:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Pegasys Inc [2010.01.30 05:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PhoneRemoteControl [2008.10.27 16:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst [2011.04.05 14:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PunkBuster [2008.08.13 10:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PySolFC [2010.06.09 23:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\qs [2012.04.25 20:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan [2012.03.30 16:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Rovio [2009.12.01 15:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\runic games [2007.12.02 16:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Samsung [2009.09.24 15:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScummVM [2009.05.28 14:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Seven Zip [2010.08.25 15:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive [2011.09.02 00:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Steinberg [2009.10.29 02:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Synthesia [2007.12.02 16:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Temporary [2010.08.17 14:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Creative Assembly [2011.08.28 01:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Longest Journey [2010.01.04 04:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thinstall [2010.11.25 17:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TransRender [2008.12.08 17:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TuneUp Software [2008.11.20 16:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubi.com [2011.04.27 00:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ubisoft [2009.05.18 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UClick [2012.01.12 17:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems [2009.04.03 02:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Uniblue [2012.04.21 07:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent [2009.10.27 15:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VitySoft [2012.01.18 20:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso [2012.02.09 08:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WeatherPulse [2008.05.06 10:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WNR [2009.09.21 06:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\X3mE Yamb [2010.08.08 21:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Z-Software [2011.08.31 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Zeon [2012.02.24 13:10:39 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job ========== Purity Check ========== < End of report >
  8. I forgot to say - last anti-malware warning about malicious IP appeared zesterdaz at noon. I hope that it is sign we at least succeed to get rid if that one...
  9. I followed instructions and disabled Eset. No changes in behaviour. I still cannot send emails (I can recieve those). Upload speed is still zero. I still cannot get to facebook, gmail, isohunt... When I connect to yahoo messenger it always disconnecst me in minute or so, then it recconects me and then it works ok (though I cannot send anything there, it seems like I am connected just for chat, nothing else...). I suppose I should activate Eset again. Thanks again for help.
  10. I scanned PC with GMER for rootkits. I dont see it find anything. If zou want I can post log here. Thanks for your help, again. I hope we will find alien
  11. OTL logfile created on: 27.4.2012 10:52:58 - Run 2 OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\User\My Documents\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C1A | Country: Serbia and Montenegro | Language: SRB | Date Format: d.M.yyyy 2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,16% Memory free 4,78 Gb Paging File | 4,15 Gb Available in Paging File | 86,77% Paging File free Paging file location(s): C:\pagefile.sys 3000 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 1,96 Gb Free Space | 4,02% Space Free | Partition Type: NTFS Drive D: | 184,05 Gb Total Space | 5,25 Gb Free Space | 2,85% Space Free | Partition Type: NTFS Drive F: | 195,31 Gb Total Space | 6,45 Gb Free Space | 3,30% Space Free | Partition Type: NTFS Drive G: | 75,13 Gb Total Space | 7,22 Gb Free Space | 9,60% Space Free | Partition Type: NTFS Drive H: | 195,31 Gb Total Space | 11,27 Gb Free Space | 5,77% Space Free | Partition Type: NTFS Computer Name: MOBILE | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.26 01:44:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012.03.22 00:27:28 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.06.01 13:05:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe PRC - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010.01.31 19:23:34 | 000,661,776 | -H-- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2007.09.10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE PRC - [2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.05.15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe ========== Modules (No Company Name) ========== MOD - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe MOD - [2010.10.22 17:29:54 | 000,133,120 | ---- | M] () -- C:\Program Files\Free Desktop Clock\Clock.dll MOD - [2010.06.01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll MOD - [2007.06.07 21:11:12 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm MOD - [2006.10.22 13:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll MOD - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe MOD - [2005.10.07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll MOD - [2004.08.04 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.04.24 20:21:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.03.15 09:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn) SRV - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- D:\IGRICE\UltraStar Deluxe\zlportio.sys -- (zlportio) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vsc.sys -- (vsc32) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\WNt500x86\Sandra.sys -- (SANDRA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\User\LOCALS~1\Temp\pwtdypog.sys -- (pwtdypog) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1151.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\YFH31BF.tmp -- (GarenaPEngine) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdTools.sys -- (amdtools) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO) DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.02.18 16:12:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw) DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis) DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi) DRV - [2010.05.26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks) DRV - [2009.09.09 14:18:57 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009.07.17 02:46:46 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm) DRV - [2009.06.22 19:38:18 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.06.22 19:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.04.05 02:33:14 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2008.05.28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2008.01.30 23:41:08 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2008.01.30 23:41:08 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.01.30 23:26:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2007.10.07 05:23:47 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nxsIO32.sys -- (nxsIO32) DRV - [2007.10.04 05:24:42 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2007.07.24 09:45:20 | 000,328,824 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007.07.11 10:20:26 | 000,201,848 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007.05.14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007.05.14 23:40:16 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt) DRV - [2007.05.14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007.05.10 12:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum) DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2006.11.23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter) DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006.08.14 22:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.06.19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006.03.24 18:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005.12.22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005.12.22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005.12.22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2005.12.21 11:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2005.08.30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2005.08.30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2005.08.30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2005.02.11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004.10.26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO) DRV - [2004.08.11 06:42:28 | 000,454,815 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50) DRV - [2004.08.04 07:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5) DRV - [2002.09.09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5) DRV - [2001.08.17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/ IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}&src=IE-SearchBox&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}'>http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}&src=IE-SearchBox&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language} IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms} IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q=" FF - prefs.js..browser.search.order.1: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.rs/" FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.01 13:06:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 20:21:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.08.21 07:32:52 | 000,000,000 | ---D | M] [2011.01.20 15:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions [2012.04.25 19:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions [2011.03.23 15:24:57 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b} [2012.03.19 22:18:59 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2010.07.31 00:02:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}(2) [2009.03.12 01:48:11 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2) [2012.03.30 05:35:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.06.14 18:24:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2) [2011.11.13 00:21:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3) [2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Curacao) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}(2) [2012.04.25 19:54:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.03.02 02:51:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009.03.12 01:48:11 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\nasanightlaunch@example(2).com [2009.05.15 09:09:38 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\facebook.xml [2010.09.04 17:08:21 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\google.xml [2012.04.17 06:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DM5592B1.DEFAULT\EXTENSIONS\BYM@SAVETHEWORLD.ORG.XPI [2012.04.24 20:21:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Cortona VRML Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCortona.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2012.04.22 16:14:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - No CLSID value found. O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe () O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093 (MUCatalogWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} http://pcpitstop.com/antivirus/PitPav.cab (AV Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.117.194.2 82.117.194.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A}: DhcpNameServer = 82.117.194.2 82.117.194.3 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.10.04 05:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.04.27 03:45:06 | 000,000,000 | ---D | C] -- C:\gmer [2012.04.27 00:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun [2012.04.27 00:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.04.27 00:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Oracle [2012.04.27 00:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2012.04.27 00:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.04.27 00:40:42 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012.04.27 00:40:42 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012.04.27 00:40:42 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.04.27 00:40:42 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.04.27 00:40:32 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.04.27 00:40:32 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.04.27 00:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\jdk1.7.0_04_combo [2012.04.26 04:23:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.04.25 21:53:47 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys [2012.04.25 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan [2012.04.25 06:53:24 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys [2012.04.25 04:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\OxyCube [2012.04.25 04:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oxygen Software [2012.04.25 04:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oxygen Software [2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012.04.22 21:43:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.04.22 21:43:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.04.22 21:43:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.04.22 21:43:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.04.22 21:42:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.04.21 07:36:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent [2012.04.17 08:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis [2012.04.17 08:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\abelhadigital.com [2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com [2012.04.17 06:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.04.16 21:10:23 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.04.16 20:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012.04.15 18:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller [2012.04.15 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller [2012.04.14 18:35:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.04.06 16:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-_files [2012.04.05 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Freemake [2012.04.05 22:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake [2012.04.05 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake [2012.03.30 16:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rovio [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.27 10:33:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job [2012.04.27 10:32:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.04.27 03:59:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job [2012.04.27 03:46:46 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job [2012.04.27 03:46:46 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job [2012.04.27 02:36:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.04.27 00:54:30 | 000,596,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.04.27 00:54:30 | 000,125,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.04.27 00:48:55 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.04.27 00:48:48 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.04.27 00:48:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.04.27 00:48:13 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat [2012.04.27 00:48:09 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys [2012.04.27 00:47:05 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini [2012.04.27 00:40:20 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.04.27 00:40:20 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.04.26 22:33:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job [2012.04.26 04:33:30 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk [2012.04.26 04:19:46 | 000,000,339 | RHS- | M] () -- C:\boot.ini [2012.04.26 01:32:14 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk [2012.04.25 22:56:07 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe [2012.04.25 22:51:42 | 000,367,166 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache [2012.04.25 22:51:25 | 000,399,428 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache [2012.04.25 21:43:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache [2012.04.25 20:21:08 | 000,112,143 | ---- | M] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf [2012.04.25 20:20:24 | 000,251,333 | ---- | M] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf [2012.04.25 20:01:54 | 002,796,446 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG [2012.04.25 19:26:53 | 000,080,458 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG [2012.04.25 19:23:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2012.04.25 06:56:23 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys [2012.04.25 04:47:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk [2012.04.25 03:56:29 | 000,000,332 | ---- | M] () -- C:\WINDOWS\desctemp.dat [2012.04.25 00:36:08 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2012.04.24 08:39:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.04.24 08:36:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\My Documents\MBR.dat [2012.04.23 14:05:31 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk [2012.04.22 16:14:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.04.21 05:18:50 | 000,165,100 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar [2012.04.19 03:57:21 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.17 23:43:06 | 000,133,224 | ---- | M] () -- C:\Documents and Settings\User\My Documents\krompir.pdf [2012.04.17 18:38:49 | 000,337,325 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FSS.exe [2012.04.17 17:43:34 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe [2012.04.17 08:08:42 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk [2012.04.17 06:32:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012.04.17 06:32:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012.04.17 06:28:20 | 000,213,572 | ---- | M] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json [2012.04.16 21:26:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy of hosts [2012.04.15 18:31:24 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc [2012.04.15 18:30:41 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie [2012.04.15 18:30:26 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk [2012.04.15 12:48:44 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe [2012.04.13 20:43:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012.04.13 20:43:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012.04.12 19:30:41 | 001,850,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar [2012.04.12 17:51:11 | 008,876,969 | ---- | M] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip [2012.04.11 02:40:04 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Readon TV Movie Radio Player.lnk [2012.04.08 05:53:24 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP-LINK.url [2012.04.07 22:52:48 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk [2012.04.07 00:28:56 | 000,042,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg [2012.04.06 20:38:31 | 000,617,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf [2012.04.06 17:03:18 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url [2012.04.06 16:38:11 | 000,139,610 | ---- | M] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm [2012.04.05 22:39:23 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk [2012.04.05 22:00:19 | 000,911,499 | ---- | M] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf [2012.04.05 21:12:30 | 000,058,021 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg [2012.04.04 18:47:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.04.04 18:47:24 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.04.04 18:47:08 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012.04.04 18:47:02 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012.03.31 23:20:45 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\User\Application Data\room_v3.dat [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.27 03:44:07 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.exe [2012.04.27 00:58:33 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job [2012.04.26 04:33:30 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk [2012.04.25 22:55:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe [2012.04.25 22:51:42 | 000,367,166 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache [2012.04.25 22:51:25 | 000,399,428 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache [2012.04.25 21:43:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache [2012.04.25 20:22:25 | 000,251,333 | ---- | C] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf [2012.04.25 20:22:25 | 000,112,143 | ---- | C] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf [2012.04.25 19:26:53 | 000,080,458 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG [2012.04.25 19:25:59 | 002,796,446 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG [2012.04.25 04:47:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk [2012.04.25 03:41:27 | 000,000,332 | ---- | C] () -- C:\WINDOWS\desctemp.dat [2012.04.25 00:36:08 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2012.04.25 00:36:08 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2012.04.24 08:36:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\My Documents\MBR.dat [2012.04.22 21:43:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.04.22 21:43:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.04.22 21:43:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.04.22 21:43:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.04.22 21:43:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.04.21 05:18:50 | 000,165,100 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar [2012.04.17 23:43:16 | 000,133,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\krompir.pdf [2012.04.17 18:39:21 | 000,337,325 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FSS.exe [2012.04.17 17:44:08 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe [2012.04.17 08:08:42 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk [2012.04.17 06:32:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012.04.17 06:32:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2012.04.17 06:32:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012.04.17 06:28:20 | 000,213,572 | ---- | C] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json [2012.04.16 21:10:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2012.04.16 21:10:28 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012.04.15 18:31:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc [2012.04.15 18:30:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie [2012.04.15 18:30:26 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk [2012.04.15 12:48:44 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe [2012.04.12 19:30:40 | 001,850,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar [2012.04.12 17:50:45 | 008,876,969 | ---- | C] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip [2012.04.12 14:44:37 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job [2012.04.07 22:52:48 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk [2012.04.07 00:28:55 | 000,042,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg [2012.04.06 20:38:30 | 000,617,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf [2012.04.06 16:38:10 | 000,139,610 | ---- | C] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm [2012.04.06 16:08:18 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url [2012.04.06 12:22:26 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-527237240-725345543-1003-0.dat [2012.04.06 05:02:56 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012.04.05 22:39:23 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk [2012.04.05 22:00:19 | 000,911,499 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf [2012.04.05 20:09:00 | 000,058,021 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg [2012.01.24 15:37:35 | 000,014,368 | ---- | C] () -- C:\WINDOWS\skype.dat [2012.01.24 15:37:05 | 000,032,854 | ---- | C] () -- C:\WINDOWS\iniLS.dat [2012.01.04 20:30:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\nwsrmodn.dll [2011.12.18 06:53:44 | 000,718,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011.09.05 01:11:49 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini [2011.08.31 15:38:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI [2011.08.31 15:19:01 | 000,000,370 | ---- | C] () -- C:\WINDOWS\dorp.dat [2011.08.08 15:14:26 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.08.08 15:08:40 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2011.07.28 16:08:22 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys [2011.07.18 19:33:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun [2011.07.04 20:35:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.07.04 20:35:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.07.03 07:12:59 | 000,000,219 | ---- | C] () -- C:\WINDOWS\tropical_beaches1.ini [2011.07.03 07:12:38 | 000,002,149 | ---- | C] () -- C:\WINDOWS\unins002.dat [2011.07.03 07:11:01 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\bvcsky.dll [2011.06.15 05:42:10 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins001.exe [2011.06.15 05:42:10 | 000,004,189 | ---- | C] () -- C:\WINDOWS\unins001.dat [2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f [2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f [2011.06.08 21:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.06.05 23:59:21 | 000,037,556 | ---- | C] () -- C:\WINDOWS\System32\Sylvunins.exe [2011.06.05 20:40:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\UnInstall Tweety Time V4.exe [2011.05.28 02:23:58 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat [2011.05.08 02:09:39 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin [2011.04.23 18:08:16 | 000,000,212 | ---- | C] () -- C:\WINDOWS\topocr.INI [2011.04.14 02:09:53 | 000,000,108 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.03.23 10:26:01 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room.dat [2011.03.03 12:01:37 | 000,000,652 | ---- | C] () -- C:\WINDOWS\unins000.dat [2011.01.15 12:41:36 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini [2011.01.09 06:57:58 | 002,538,595 | ---- | C] () -- C:\Program Files\Audacity.rar [2010.10.23 21:44:54 | 000,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI [2010.10.19 05:48:04 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Readiris.ini [2010.09.29 19:35:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI [2010.09.14 12:07:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SW_Win2000X9.DLL [2010.09.14 12:05:54 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL [2010.09.14 12:05:33 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\beconvlib.dll [2010.09.14 12:05:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\bprgcomm.dll [2010.09.14 12:05:33 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll [2010.09.14 12:05:33 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx151ic.ini [2010.09.14 12:05:32 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SII_PDF.dll [2010.09.14 12:05:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll [2010.09.14 12:05:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll [2010.09.14 12:05:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe < End of report >
  12. I uninstaled old and instaled new Java. i didnt get those warnings about malicious IP yet. Everzthng else is the same. I checked out port 25 by using telnet command it is blocked. PC coudnt connect through that port. I wonder what is blocking those ports... I cannot send anything, I cannot get to some sites...
  13. 2012/04/26 04:35:35 +0200 MOBILE User MESSAGE Starting protection 2012/04/26 04:35:54 +0200 MOBILE User MESSAGE Protection started successfully 2012/04/26 04:35:57 +0200 MOBILE User MESSAGE Starting IP protection 2012/04/26 04:37:35 +0200 MOBILE User MESSAGE IP Protection started successfully 2012/04/26 10:58:43 +0200 MOBILE User MESSAGE Starting protection 2012/04/26 10:59:07 +0200 MOBILE User MESSAGE Protection started successfully 2012/04/26 10:59:11 +0200 MOBILE User MESSAGE Starting IP protection 2012/04/26 11:00:16 +0200 MOBILE User MESSAGE IP Protection started successfully 2012/04/26 11:00:33 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing) 2012/04/26 11:00:36 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing) 2012/04/26 11:00:42 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing) 2012/04/26 11:00:59 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing) 2012/04/26 11:01:01 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing)