DejanS

208.73.210.29 blocked by M.Anti-Malware, cannot open some sites in any browser

80 posts in this topic

I forgot to say... Anti-malware again sends pop-ups with that IP...


I forgot to say - Anti-malware again sends warnings about that blocked IP.


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL logfile created on: 26.4.2012 1:46:29 - Run 1

OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\User\My Documents\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C1A | Country: Serbia and Montenegro | Language: SRB | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,60% Memory free

4,78 Gb Paging File | 4,23 Gb Available in Paging File | 88,43% Paging File free

Paging file location(s): C:\pagefile.sys 3000 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 2,99 Gb Free Space | 6,13% Space Free | Partition Type: NTFS

Drive D: | 184,05 Gb Total Space | 5,25 Gb Free Space | 2,85% Space Free | Partition Type: NTFS

Drive F: | 195,31 Gb Total Space | 6,48 Gb Free Space | 3,32% Space Free | Partition Type: NTFS

Drive G: | 75,13 Gb Total Space | 7,22 Gb Free Space | 9,60% Space Free | Partition Type: NTFS

Drive H: | 195,31 Gb Total Space | 11,26 Gb Free Space | 5,77% Space Free | Partition Type: NTFS

Computer Name: MOBILE | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.26 01:44:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe

PRC - [2012.03.22 00:27:28 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.12.24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe

PRC - [2011.06.01 13:05:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe

PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe

PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe

PRC - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe

PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010.01.31 19:23:34 | 000,661,776 | -H-- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe

PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2007.09.10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.05.15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

PRC - [2006.03.29 17:12:06 | 000,364,544 | ---- | M] () -- C:\Program Files\TP-LINK\TWCU\TWCU.exe

PRC - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

========== Modules (No Company Name) ==========

MOD - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe

MOD - [2010.10.22 17:29:54 | 000,133,120 | ---- | M] () -- C:\Program Files\Free Desktop Clock\Clock.dll

MOD - [2010.06.01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

MOD - [2007.06.07 21:11:12 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm

MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll

MOD - [2006.03.29 17:12:06 | 000,364,544 | ---- | M] () -- C:\Program Files\TP-LINK\TWCU\TWCU.exe

MOD - [2006.03.21 10:52:30 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wgapi.dll

MOD - [2006.01.20 09:50:52 | 000,094,208 | ---- | M] () -- C:\Program Files\TP-LINK\TWCU\oemres.dll

MOD - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.04.24 20:21:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.03.15 09:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)

SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)

SRV - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\IGRICE\UltraStar Deluxe\zlportio.sys -- (zlportio)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vsc.sys -- (vsc32)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\WNt500x86\Sandra.sys -- (SANDRA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1151.tmp -- (MEMSWEEP2)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\YFH31BF.tmp -- (GarenaPEngine)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdTools.sys -- (amdtools)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)

DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.02.18 16:12:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)

DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)

DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)

DRV - [2010.05.26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)

DRV - [2009.09.09 14:18:57 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009.07.17 02:46:46 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)

DRV - [2009.06.22 19:38:18 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009.06.22 19:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009.04.05 02:33:14 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)

DRV - [2008.05.28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)

DRV - [2008.01.30 23:41:08 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2008.01.30 23:41:08 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2008.01.30 23:26:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2007.10.07 05:23:47 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nxsIO32.sys -- (nxsIO32)

DRV - [2007.10.04 05:24:42 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2007.07.24 09:45:20 | 000,328,824 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)

DRV - [2007.07.11 10:20:26 | 000,201,848 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)

DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007.05.14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)

DRV - [2007.05.14 23:40:16 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)

DRV - [2007.05.14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)

DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.05.10 12:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2006.11.23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)

DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)

DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2006.08.14 22:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006.06.19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2006.03.24 18:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)

DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2005.12.22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2005.12.22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2005.12.22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2005.12.21 11:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV - [2005.08.30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2005.08.30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2005.08.30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2005.02.11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2004.10.26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)

DRV - [2004.08.11 06:42:28 | 000,454,815 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)

DRV - [2004.08.04 07:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)

DRV - [2002.09.09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)

DRV - [2001.08.17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)

DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}&src=IE-SearchBox&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaultthis.engineName: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q="

FF - prefs.js..browser.search.order.1: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442

FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3

FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.01 13:06:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 20:21:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.08.21 07:32:52 | 000,000,000 | ---D | M]

[2011.01.20 15:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions

[2011.03.23 15:24:57 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}

[2012.03.19 22:18:59 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2010.07.31 00:02:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}(2)

[2009.03.12 01:48:11 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)

[2012.03.30 05:35:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.06.14 18:24:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)

[2011.11.13 00:21:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3)

[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Curacao) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}(2)

[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2012.03.02 02:51:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009.03.12 01:48:11 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\nasanightlaunch@example(2).com

[2009.05.15 09:09:38 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\facebook.xml

[2010.09.04 17:08:21 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\google.xml

[2012.04.17 06:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DM5592B1.DEFAULT\EXTENSIONS\BYM@SAVETHEWORLD.ORG.XPI

[2012.04.24 20:21:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.03.13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Cortona VRML Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCortona.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012.04.22 16:14:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - No CLSID value found.

O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TWCU] C:\Program Files\TP-LINK\TWCU\TWCU.exe ()

O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe ()

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093 (MUCatalogWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} http://pcpitstop.com/antivirus/PitPav.cab (AV Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.117.194.2 82.117.194.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A}: DhcpNameServer = 82.117.194.2 82.117.194.3

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.10.04 05:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.04.25 21:53:47 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2012.04.25 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan

[2012.04.25 06:53:24 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys

[2012.04.25 04:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\OxyCube

[2012.04.25 04:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oxygen Software

[2012.04.25 04:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oxygen Software

[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2012.04.22 21:43:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012.04.22 21:43:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012.04.22 21:43:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012.04.22 21:43:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012.04.22 21:42:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.04.21 07:36:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2012.04.17 08:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis

[2012.04.17 08:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\abelhadigital.com

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com

[2012.04.17 06:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012.04.16 21:10:23 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012.04.16 20:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012.04.15 18:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller

[2012.04.15 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller

[2012.04.14 18:35:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012.04.06 16:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-_files

[2012.04.05 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Freemake

[2012.04.05 22:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake

[2012.04.05 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake

[2012.03.30 16:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rovio

[2012.03.27 02:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Chessmaster 10th Edition

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.26 01:33:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job

[2012.04.26 01:32:14 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk

[2012.04.26 01:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.26 01:29:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job

[2012.04.26 01:29:43 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job

[2012.04.25 23:32:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.25 23:23:56 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job

[2012.04.25 23:19:14 | 000,596,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.04.25 23:19:14 | 000,125,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.04.25 23:14:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012.04.25 23:14:08 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.04.25 23:13:35 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat

[2012.04.25 23:13:31 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.25 23:12:31 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini

[2012.04.25 22:56:07 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe

[2012.04.25 22:51:42 | 000,367,166 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache

[2012.04.25 22:51:25 | 000,399,428 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache

[2012.04.25 22:33:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job

[2012.04.25 21:43:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2012.04.25 20:21:08 | 000,112,143 | ---- | M] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf

[2012.04.25 20:20:24 | 000,251,333 | ---- | M] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf

[2012.04.25 20:01:54 | 002,796,446 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG

[2012.04.25 19:26:53 | 000,080,458 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG

[2012.04.25 19:23:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2012.04.25 17:13:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.04.25 06:56:23 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys

[2012.04.25 04:47:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk

[2012.04.25 03:56:29 | 000,000,332 | ---- | M] () -- C:\WINDOWS\desctemp.dat

[2012.04.25 00:36:08 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2012.04.24 08:39:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.04.24 08:36:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\My Documents\MBR.dat

[2012.04.23 14:05:31 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk

[2012.04.22 16:14:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012.04.21 05:18:50 | 000,165,100 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar

[2012.04.19 03:57:21 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.17 23:43:06 | 000,133,224 | ---- | M] () -- C:\Documents and Settings\User\My Documents\krompir.pdf

[2012.04.17 18:38:49 | 000,337,325 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FSS.exe

[2012.04.17 17:43:34 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe

[2012.04.17 08:08:42 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk

[2012.04.17 06:32:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012.04.17 06:32:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012.04.17 06:28:20 | 000,213,572 | ---- | M] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json

[2012.04.16 21:26:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy of hosts

[2012.04.16 21:10:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2012.04.15 18:31:24 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc

[2012.04.15 18:30:41 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie

[2012.04.15 18:30:26 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk

[2012.04.15 12:48:44 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe

[2012.04.13 20:43:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat

[2012.04.13 20:43:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

[2012.04.12 19:30:41 | 001,850,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar

[2012.04.12 17:51:11 | 008,876,969 | ---- | M] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip

[2012.04.11 02:40:04 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Readon TV Movie Radio Player.lnk

[2012.04.08 05:53:24 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP-LINK.url

[2012.04.07 22:52:48 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk

[2012.04.07 00:28:56 | 000,042,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg

[2012.04.06 20:38:31 | 000,617,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf

[2012.04.06 17:03:18 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url

[2012.04.06 16:38:11 | 000,139,610 | ---- | M] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm

[2012.04.05 22:39:23 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk

[2012.04.05 22:00:19 | 000,911,499 | ---- | M] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf

[2012.04.05 21:12:30 | 000,058,021 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg

[2012.03.31 23:20:45 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\User\Application Data\room_v3.dat

[2012.03.27 21:50:42 | 001,271,653 | ---- | M] () -- C:\Documents and Settings\User\My Documents\veseli kraj nedeljesrb_c5_1.pdf

[2012.03.27 02:32:59 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Chessmaster 10th Edition.lnk

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.25 23:23:56 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job

[2012.04.25 22:55:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe

[2012.04.25 22:51:42 | 000,367,166 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache

[2012.04.25 22:51:25 | 000,399,428 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache

[2012.04.25 21:43:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2012.04.25 20:22:25 | 000,251,333 | ---- | C] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf

[2012.04.25 20:22:25 | 000,112,143 | ---- | C] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf

[2012.04.25 19:26:53 | 000,080,458 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG

[2012.04.25 19:25:59 | 002,796,446 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG

[2012.04.25 04:47:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk

[2012.04.25 03:41:27 | 000,000,332 | ---- | C] () -- C:\WINDOWS\desctemp.dat

[2012.04.25 00:36:08 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2012.04.25 00:36:08 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2012.04.24 08:36:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\My Documents\MBR.dat

[2012.04.22 21:43:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012.04.22 21:43:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012.04.22 21:43:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012.04.22 21:43:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012.04.22 21:43:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012.04.21 05:18:50 | 000,165,100 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar

[2012.04.17 23:43:16 | 000,133,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\krompir.pdf

[2012.04.17 18:39:21 | 000,337,325 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FSS.exe

[2012.04.17 17:44:08 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe

[2012.04.17 08:08:42 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk

[2012.04.17 06:32:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012.04.17 06:32:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012.04.17 06:32:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012.04.17 06:28:20 | 000,213,572 | ---- | C] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json

[2012.04.16 21:10:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak

[2012.04.16 21:10:28 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012.04.15 18:31:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc

[2012.04.15 18:30:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie

[2012.04.15 18:30:26 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk

[2012.04.15 12:48:44 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe

[2012.04.12 19:30:40 | 001,850,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar

[2012.04.12 17:50:45 | 008,876,969 | ---- | C] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip

[2012.04.12 14:44:37 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job

[2012.04.07 22:52:48 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk

[2012.04.07 00:28:55 | 000,042,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg

[2012.04.06 20:38:30 | 000,617,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf

[2012.04.06 16:38:10 | 000,139,610 | ---- | C] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm

[2012.04.06 16:08:18 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url

[2012.04.06 12:22:26 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-527237240-725345543-1003-0.dat

[2012.04.06 05:02:56 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012.04.05 22:39:23 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk

[2012.04.05 22:00:19 | 000,911,499 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf

[2012.04.05 20:09:00 | 000,058,021 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg

[2012.03.27 21:50:42 | 001,271,653 | ---- | C] () -- C:\Documents and Settings\User\My Documents\veseli kraj nedeljesrb_c5_1.pdf

[2012.03.27 02:32:59 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Chessmaster 10th Edition.lnk

[2012.03.27 02:32:58 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Search.url

[2012.01.24 15:37:35 | 000,014,368 | ---- | C] () -- C:\WINDOWS\skype.dat

[2012.01.24 15:37:05 | 000,032,854 | ---- | C] () -- C:\WINDOWS\iniLS.dat

[2012.01.04 20:30:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\nwsrmodn.dll

[2011.12.18 06:53:44 | 000,718,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011.09.05 01:11:49 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini

[2011.08.31 15:38:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI

[2011.08.31 15:19:01 | 000,000,370 | ---- | C] () -- C:\WINDOWS\dorp.dat

[2011.08.08 15:14:26 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2011.08.08 15:08:40 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll

[2011.07.28 16:08:22 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys

[2011.07.18 19:33:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun

[2011.07.04 20:35:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011.07.04 20:35:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2011.07.03 07:12:59 | 000,000,219 | ---- | C] () -- C:\WINDOWS\tropical_beaches1.ini

[2011.07.03 07:12:38 | 000,002,149 | ---- | C] () -- C:\WINDOWS\unins002.dat

[2011.07.03 07:11:01 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\bvcsky.dll

[2011.06.15 05:42:10 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins001.exe

[2011.06.15 05:42:10 | 000,004,189 | ---- | C] () -- C:\WINDOWS\unins001.dat

[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f

[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f

[2011.06.08 21:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011.06.05 23:59:21 | 000,037,556 | ---- | C] () -- C:\WINDOWS\System32\Sylvunins.exe

[2011.06.05 20:40:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\UnInstall Tweety Time V4.exe

[2011.05.28 02:23:58 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat

[2011.05.08 02:09:39 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin

[2011.04.23 18:08:16 | 000,000,212 | ---- | C] () -- C:\WINDOWS\topocr.INI

[2011.04.14 02:09:53 | 000,000,108 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011.03.23 10:26:01 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room.dat

[2011.03.03 12:01:37 | 000,000,652 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2011.01.15 12:41:36 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini

[2011.01.09 06:57:58 | 002,538,595 | ---- | C] () -- C:\Program Files\Audacity.rar

[2010.10.23 21:44:54 | 000,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI

[2010.10.19 05:48:04 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2010.09.29 19:35:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI

[2010.09.14 12:07:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SW_Win2000X9.DLL

[2010.09.14 12:05:54 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL

[2010.09.14 12:05:33 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\beconvlib.dll

[2010.09.14 12:05:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\bprgcomm.dll

[2010.09.14 12:05:33 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll

[2010.09.14 12:05:33 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx151ic.ini

[2010.09.14 12:05:32 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SII_PDF.dll

[2010.09.14 12:05:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll

[2010.09.14 12:05:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll

[2010.09.14 12:05:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe

< End of report >


OTL Extras logfile created on: 26.4.2012 1:46:29 - Run 1

OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\User\My Documents\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C1A | Country: Serbia and Montenegro | Language: SRB | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,60% Memory free

4,78 Gb Paging File | 4,23 Gb Available in Paging File | 88,43% Paging File free

Paging file location(s): C:\pagefile.sys 3000 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 2,99 Gb Free Space | 6,13% Space Free | Partition Type: NTFS

Drive D: | 184,05 Gb Total Space | 5,25 Gb Free Space | 2,85% Space Free | Partition Type: NTFS

Drive F: | 195,31 Gb Total Space | 6,48 Gb Free Space | 3,32% Space Free | Partition Type: NTFS

Drive G: | 75,13 Gb Total Space | 7,22 Gb Free Space | 9,60% Space Free | Partition Type: NTFS

Drive H: | 195,31 Gb Total Space | 11,26 Gb Free Space | 5,77% Space Free | Partition Type: NTFS

Computer Name: MOBILE | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe %1

[HKEY_USERS\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf ()

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"57220:TCP" = 57220:TCP:*:Enabled:Pando Media Booster

"57220:UDP" = 57220:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"12799:TCP" = 12799:TCP:*:Enabled:BitTorrent port

"57220:TCP" = 57220:TCP:*:Enabled:Pando Media Booster

"57220:UDP" = 57220:UDP:*:Enabled:Pando Media Booster

"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher

"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher

"6994:TCP" = 6994:TCP:*:Enabled:League of Legends Launcher

"6994:UDP" = 6994:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"D:\IGRICE\Valve\hl.exe" = D:\IGRICE\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\ECR Tool\ECRSrvAPI.exe" = C:\Program Files\ECR Tool\ECRSrvAPI.exe:*:Enabled:ECRSrvAPI -- ()

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"D:\IGRICE\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = D:\IGRICE\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)

"D:\IGRICE\Midway Home Entertainment\Stranglehold\Binaries\Retail-Stranglehold.exe" = D:\IGRICE\Midway Home Entertainment\Stranglehold\Binaries\Retail-Stranglehold.exe:*:Enabled:Stranglehold -- (Midway Home Entertainment Inc)

"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)

"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)

"D:\IGRICE\Valve\hltv.exe" = D:\IGRICE\Valve\hltv.exe:*:Enabled:HLTV Launcher -- (Valve)

"D:\IGRICE\Valve\hlds.exe" = D:\IGRICE\Valve\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)

"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)

"D:\IGRICE\Warcraft III\Warcraft III.exe" = D:\IGRICE\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)

"D:\IGRICE\Warcraft III\War3.exe" = D:\IGRICE\Warcraft III\War3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)

"D:\IGRICE\Farkle\farkle.exe" = D:\IGRICE\Farkle\farkle.exe:*:Disabled:farkle -- ()

"D:\IGRICE\EA GAMES\MOHAA\MOHAA.exe" = D:\IGRICE\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)

"D:\IGRICE\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe" = D:\IGRICE\Deep Silver\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server -- (Ascaron Entertainment GmbH)

"D:\IGRICE\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe" = D:\IGRICE\Deep Silver\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2 -- (Ascaron Entertainment GmbH)

"H:\IGRICE\2K Sports\NBA 2K10\nba2k10.exe" = H:\IGRICE\2K Sports\NBA 2K10\nba2k10.exe:*:Enabled:2K Sports NBA 2K10 -- (2K Sports)

"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)

"H:\IGRICE\Encore\Hoyle Card Games 2009\Hoyle Card Games.exe" = H:\IGRICE\Encore\Hoyle Card Games 2009\Hoyle Card Games.exe:*:Enabled:Hoyle Card Games -- ()

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"H:\IGRICE\Sports Interactive\Football Manager 2010\fm.exe" = H:\IGRICE\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

"H:\IGRICE\League of Legends\Air\LolClient.exe" = H:\IGRICE\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)

"H:\IGRICE\League of Legends\Game\League of Legends.exe" = H:\IGRICE\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()

"H:\IGRICE\Empire of Sports\EmpireOfSports.exe" = H:\IGRICE\Empire of Sports\EmpireOfSports.exe:*:Enabled:Empire of Sports -- (Empire of Sports Developments Ltd)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"H:\IGRICE\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe" = H:\IGRICE\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Disabled:R6Vegas2_Game -- ()

"H:\IGRICE\NeutronGames\HC Trainingscamp\HCTrainingscamp.exe" = H:\IGRICE\NeutronGames\HC Trainingscamp\HCTrainingscamp.exe:*:Enabled:HC Trainingscamp -- ()

"H:\IGRICE\NeutronGames\HC Trainingscamp\updater\Updater.exe" = H:\IGRICE\NeutronGames\HC Trainingscamp\updater\Updater.exe:*:Enabled:HC Updater -- (CatenaLogic)

"H:\IGRICE\KONAMI\Pro Evolution Soccer 2011\pes2011.exe" = H:\IGRICE\KONAMI\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011 -- (Konami Digital Entertainment Co., Ltd.)

"H:\IGRICE\2K Sports\NBA 2K11\nba2k11.exe" = H:\IGRICE\2K Sports\NBA 2K11\nba2k11.exe:*:Enabled:NBA 2K11 -- (2K Sports)

"H:\IGRICE\KONAMI\Pro Evolution Soccer 2011\JSL-2011.exe" = H:\IGRICE\KONAMI\Pro Evolution Soccer 2011\JSL-2011.exe:*:Enabled:Pro Evolution Soccer 2011 -- (Konami Digital Entertainment Co., Ltd.)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"H:\IGRICE\Ubisoft\Far Cry 2\bin\FarCry2.exe" = H:\IGRICE\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)

"H:\IGRICE\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = H:\IGRICE\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)

"H:\IGRICE\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = H:\IGRICE\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()

"C:\Program Files\Security Task Manager\TaskMan.exe" = C:\Program Files\Security Task Manager\TaskMan.exe:192.168.111.200/255.255.255.255:Enabled:Security Task Manager -- (Neuber GmbH)

"H:\IGRICE\Yu Gi Oh PoC Joey the Passion\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\joey_pc.exe" = H:\IGRICE\Yu Gi Oh PoC Joey the Passion\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\joey_pc.exe:*:Enabled:joey_pc -- ()

"C:\Documents and Settings\User\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\User\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)

"H:\IGRICE\KONAMI\Pro Evolution Soccer 2012\pes2012.exe" = H:\IGRICE\KONAMI\Pro Evolution Soccer 2012\pes2012.exe:*:Enabled:Pro Evolution Soccer 2012 -- (Konami Digital Entertainment Co., Ltd.)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"H:\IGRICE\2K Sports\NBA 2K12\nba2k12.exe" = H:\IGRICE\2K Sports\NBA 2K12\nba2k12.exe:*:Enabled:NBA 2K12 -- (2K Sports)

"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking

"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12

"{06218599-4129-435F-B099-AC6F96946A9E}" = Urban Freestyle Soccer

"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"{0800A3B3-C012-42A9-877B-18F109FC2F6A}" = Readon TV Movie Radio Player 7.4.0.0

"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club

"{098F0462-A6D9-4FB4-87B0-0F46BF0E7EFB}" = The Incredibles

"{09920072-6923-4E37-A150-5C6A3092DB7E}" = Neighbours From Hell

"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault

"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6

"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{138B53E6-34D8-45FF-89D7-1D54A44FA355}" = Nokia Series 40 Theme Studio 2.2

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{141FBF87-4FB4-41E1-80B4-E1389268D541}" = GameShadow

"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.0

"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu

"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{1A995D22-F711-4199-83D4-579B593A46C5}" = TMPGEnc DVD Author 1.6

"{1AEAA6CC-98C2-4650-A217-EF5F92C3E602}" = NRadioBox

"{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}" = PAK Explorer

"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00

"{20F0F67B-CB0F-4C85-B6F2-133D9CB70614}" = Samsung PC Studio

"{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly

"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine

"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09

"{23289F5E-22A4-4A09-B6F3-66651EE4A765}_is1" = OxyCube

"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin

"{23345AA6-C5DB-45E0-BC40-AB012B614250}_is1" = Chess Commander 1.24

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{24933F5C-87D7-4BB8-ABA1-85FF59F74584}" = City Bus Simulator 2010 - New York

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{26216747-CCA3-4045-9B71-F0FB3459791E}" = Are You Smarter Than A 5th Grader? - Make The Grade

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14

"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = TP-LINK Client Installation Program

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2DFF2906-52BB-4222-8062-1509259FC013}" = GUN

"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5

"{30433BBA-5358-4B41-817E-E694092DC178}" = Crazy Machines II

"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1

"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

"{350F35E1-E447-465A-A149-85A2D7083019}" = Mortimer Beckett And The Secrets Of Spooky Manor

"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{377C9E1B-28E9-40C3-836C-85F8E839D4E6}" = John Deere Drive Green

"{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security

"{39653FF4-6BF5-4B95-9290-EB04EC7BA25B}" = X3mE Yamb

"{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3C6DDE5E-EAF8-4651-9951-ED591F6A8510}" = Battle for the Pacific

"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2008

"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517

"{43A44FC2-FC81-444F-B847-D93F535B7208}" = Neighbours From Hell 2

"{479C85BE-93E3-49B7-A57D-C5D4EF374F4E}" = RummyRoyal.com

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{4833435D-7A4D-4D15-86F4-51C2D15549CF}" = AKVIS Coloriage

"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{48ADB3C0-18FB-4922-B172-7C8C4B99409C}" = Kung Fu Panda

"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01

"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5

"{4A3F4620-091E-4E12-AEFD-9DA56DF42B8F}" = Alpha Prime DEMO

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City

"{4B4F81E0-9150-11D4-A594-0050BAC6946A}" = NickToons Racing

"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{544DB849-AB59-4C12-A333-2F214E24870F}" = Commandos Strike Force

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

"{60A86035-3EAD-401C-8C8F-5CB46977320F}" = QuickSnooker

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{62CF0BF4-F6DB-4175-A8F5-9C20F53A99CE}" = Fashion Cents 1.6.2

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6736E2A0-3B7C-4CAA-A508-7400F6A8969B}" = The Sum of All Fears

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{692854CC-97EF-4307-B787-8C6787B91033}" = Nero 7 Premium

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings

"{6E298B0A-558C-4138-0096-740677B382CD}" = LOTR The Return of the King tm

"{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.2.73

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone

"{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi

"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.7

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor

"{797E03F8-C8A0-47ED-AA9F-D7076276E491}" = Ford Racing 3

"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore

"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World

"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders

"{7CDD0F65-641F-4637-888A-208713EE0ED6}" = Majestic Chess

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{82799854-39DF-4EC3-8778-918CE0C81A3F}_is1" = Skype Launcher

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{8466123B-2CBE-4809-8FAF-94D1F76BC4FE}" = AKVIS Chameleon

"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles

"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007

"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2

"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer

"{9293D559-8011-420F-93A5-B728D49E4DB6}" = Anvil Studio 2011

"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII

"{93BC44A2-0A38-4144-A7EE-DC4AAF2B4099}_is1" = MMANA-GAL_Basic version 3

"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9596C29E-1DA9-4063-848A-024515E618BE}" = TMNT

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{9773450C-E2F3-46C3-9464-1D7EDE5EFB63}" = Pro Evolution Soccer 2011

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3

"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6

"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08

"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.2 build 1259

"{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC5B2524-34DD-4B66-B294-69DF1B865869}_is1" = Handball Challenge Trainingscamp

"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1

"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8

"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set

"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1

"{AEA03D8E-87B5-4862-B82A-B5FE5A469BA0}_is1" = Chessmaster 10th Edition

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com

"{AF10D7E4-D29A-45DA-8050-B116097B69B5}" = Safari

"{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro

"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3

"{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share

"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer

"{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD

"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{B9FA15C8-17D4-4E71-A6D9-C33E7BDA83AF}_is1" = International Volleyball 2010

"{BAA6BD76-9B5A-4ED3-98BE-0127E8F14541}" = Windows Live Photo Gallery

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content

"{BDEE7660-E08C-4824-8577-6CE12F8C3492}_is1" = gPhotoShow v1.6.3

"{BE385F94-89BA-4190-995D-FBC37D06CB99}" = Antenna Magus (Evaluation)

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1157104-1574-4BD2-99C7-0AAB5DF4275F}" = Pirates of the Caribbean

"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited

"{C3A3B7AA-DBB8-45CD-A221-1A9A91C20FC5}" = SizeFixer XL

"{C40AD26C-855D-45DF-BB8F-B339707E7ABC}" = Rock Tour

"{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C5EB90E1-8A46-4ED5-009D-C793E646C04F}" = Need for Speed Underground 2 Demo

"{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common

"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU

"{C6E52B1B-9905-469A-B8CD-399FDFA98873}" = MIT MathML Fonts 1.0

"{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CA03B355-9C1D-4AB2-AA88-02AAD523BA66}" = Readiris Pro 11 Corporate Edition

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1

"{CEB18AEB-0C84-4246-8BD3-0BA8F95D56DF}" = Skotovi

"{CF72DC2F-F292-4D2B-B4E8-7D2060F095DA}" = ArtRage

"{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO

"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium

"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker

"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas

"{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}" = Devil May Cry 3 Special Edition

"{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM

"{D77DBB31-D3EB-4405-8785-488CA60ECE46}" = AKVIS Retoucher

"{D7AC932D-297F-46C8-9834-FA23854CC150}_is1" = MKV Converter Studio V2.0.1

"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set

"{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup

"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client

"{DA2B455A-B0BE-4C5A-B73A-0615F37C81D5}" = Beowulf TM

"{DCF84385-88E3-4472-8144-E95B823FC5DB}" = The Print Shop 21

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio

"{E0E400F5-422B-4540-A14F-B0739D71FEE7}" = Microsoft Reader Text-to-Speech for English

"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5570C7E-D98A-4C13-B94F-E1DCD6E3BA6F}" = Hidden Expedition - Titanic

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E6EFEA48-2D42-4461-99DA-43E0CD5A8445}" = Adorable Pets #6 Animated Wallpaper

"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne

"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts

"{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}" = Retail Virtual EVE

"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager

"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2

"{ENS31293-4DD5-81C6-25A8-624AC34560024}_is1" = Enchanted Forest

"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set

"{F0816004-8FFF-40D5-9699-23A14BAF07A4}" = RUNAWAY - A road adventure

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver

"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01

"{F3B9EE16-DF24-46CC-A4CE-DE4F577ECD45}" = Inside The Beast

"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour

"{F5936267-D467-4e7b-8940-A7D9F0398EF3}" = HP Deskjet Printer Driver Software 9.0

"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run

"{FB1CCBED-FA66-4D30-BFD7-EF20AD0A81FE}" = Hoyle Board Games 2005

"{FB28E2FA-9D08-4006-A584-6E1273A8E036}" = KGB Archiver 2

"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows

"{FC5495CB-CDA5-4DCE-99DF-D1567DAF5A86}" = TMPGEnc 4.0 XPress

"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter and the Half-Blood Prince™

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"{FF377A7C-0A0F-4A0E-B921-4888DC4C0ACE}" = Nitro PDF Professional

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"18 WoS Extreme Trucker 2" = 18 WoS Extreme Trucker 2 (v.1.0)

"1STFREE_is1" = 1st Free Solitaire 1.7.1

"3D Flash Animator 4.9.8.7" = 3D Flash Animator 4.9.8.7

"3D Live Pool_is1" = 3D Live Pool

"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"5C3CA701-8F7B-4F3A-BFC4-C08BF9ABBEDF" = DMS DJ Promixer Full

"7art Antic Clock Screensaver_is1" = 7art Antic Clock © 7art-screensavers.com

"7-Zip" = 7-Zip 4.65

"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007

"Abdio PDF Editor v7.1 (Corporation License)" = Abdio PDF Editor v7.1 (Corporation License)

"AC3Filter" = AC3Filter (remove only)

"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker

"Activision_TGRUninstallKey" = The Gladiators of Rome

"Adobe Flash CS3" = Adobe Flash CS3

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings

"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium

"Air Conflicts" = Air Conflicts

"Air Guard Full" = Air Guard Full

"AllToAVI" = AllToAVI v4 r5394

"Alґs Home" = Alґs Home

"Amsterdam Street Racer" = Amsterdam Street Racer 1.0

"Animated Tropical Beaches_is1" = Animated Tropical Beaches

"AnyTV Free_is1" = AnyTV Free 2.14

"Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 2.0

"Attack on Pearl Harbor" = Attack on Pearl Harbor

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)

"Avi To MPEG Scout_is1" = Avi To MPEG Scout

"Aztec_Bricks_is1" = Aztec Bricks

"Back To The Future 1" = Back To The Future 1 Screen Saver

"BackgammonMasters_is1" = BackgammonMasters Client

"Banner Maker Pro 7_is1" = Banner Maker Pro Version 7

"BattleFleet:PACIFIC WAR" = BattleFleet:PACIFIC WAR

"BFE1_is1" = BFE1

"BHODemon_is1" = BHODemon 1.0

"Boxing Manager_is1" = Boxing Manager

"Bridge Builder" = Bridge Builder

"Bridge Building Game" = Bridge Building Game

"BSPlayerp" = BS.Player PRO

"CalendarPainter_is1" = CalendarPainter

"CCleaner" = CCleaner (remove only)

"CDCheck" = CDCheck (remove only)

"Champions Online" = Champions Online

"ChaosPro 3.3" = ChaosPro 3.3

"CheMax_is1" = CheMax 9.2

"Chess3D" = Chess3D 2.6

"Chessmaster Challenge_is1" = Chessmaster Challenge

"Cheveree_is1" = Cheveree V2.1

"CinemaForge" = CinemaForge

"CLUE Classic" = CLUE Classic

"Comical_is1" = Comical 0.8

"Convert DOC to PDF For Word_is1" = Convert DOC to PDF For Word 2.00

"Cortona® VRML Client" = Cortona® VRML Client

"CursorXP" = CursorXP

"CZ-Pdf2Txt Simple for acrobat reader V1.1 Demo_is1" = CZ-Pdf2Txt Simple for acrobat reader V1.1 Demo

"DAEMON Tools Lite" = DAEMON Tools Lite

"Deep In Space Screensaver_is1" = Deep In Space Screensaver 1.0

"DemonLisher" = DemonLisher

"DOSShell" = DOSShell 1.5

"DragonUnPACKer5_is1" = Dragon UnPACKer 5

"Draw Poker Gold Edition" = Draw Poker Gold Edition

"DungeonRider_is1" = Dungeon Rider

"DVD Catalyst" = DVD Catalyst 4.0.2

"DVD Shrink_is1" = DVD Shrink 3.2

"DXtris" = DXtris 1.5

"E.M. Magic Swf2Avi_is1" = E.M. Magic Swf2Avi V6.80

"Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13

"EAX Unified" = EAX Unified

"ECR Tool_is1" = ECR Tool 1.15

"El Dorado Quest_is1" = El Dorado Quest

"EoS-{5CCCD423-F673-4CD8-9464-9D950F49BBC3}" = Empire of Sports

"ESET Online Scanner" = ESET Online Scanner v3

"Eurobattle.net1.26" = Eurobattle.net

"Evil Days of Luckless John" = Evil days of Luckless John

"Farkle_is1" = Farkle 3.0.8.7

"FarmingSimulator2009ENESD_is1" = Farming-Simulator 2009

"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)

"Fishdom 2 - Premium Edition1.0.2905" = Fishdom 2 - Premium Edition

"Flac Ripper_is1" = Flac Ripper 4.0.1

"FLVPlayer" = FLV Player 1.3.3

"Football Manager 2010" = Football Manager 2010

"Fraps" = Fraps

"Free Desktop Clock" = Free Desktop Clock

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"Free&Easy Font Viewer_is1" = Free&Easy Font Viewer 1.2

"Freemake Video Converter_is1" = Freemake Video Converter version 1.3.0

"FreeRummy" = 100% Free Rummy 7.30

"FreshDevices - FreshDiagnose_is1" = FreshDiagnose

"GameSpy Arcade" = GameSpy Arcade

"Garena" = Garena

"GDGAniTuner11" = AniTuner 1.1

"Gish Demo_is1" = Gish Demo 1.52

"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20111003 code)

"Goodsol Development Basic Card Set Pack_is1" = Basic Card Set Pack 12.3

"Google Updater" = Google Updater

"Governor of Poker1.0" = Governor of Poker

"Grammatica" = Grammatica

"Grand Master Chess OnLine" = Grand Master Chess OnLine

"Guitar Pro 5_is1" = Guitar Pro 5.2

"Handball Manager" = Handball Manager 2.0.1

"Handball-Simulator: European Tournament 2010" = Handball-Simulator: European Tournament 2010

"Helldorado" = Helldorado

"HijackThis" = HijackThis 2.0.2

"hon" = Heroes of Newerth

"Hoyle Card Games" = Hoyle Card Games

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP LaserJet P1000 series" = HP LaserJet P1000 series

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"Hunting Unlimited 2009" = Hunting Unlimited 2009 1.0

"Icon Restore_is1" = Icon Restore 1.0

"IconArt" = IconArt

"Ignite" = Ignite

"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!

"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5

"InstallShield_{48ADB3C0-18FB-4922-B172-7C8C4B99409C}" = Kung Fu Panda

"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles

"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4

"InstallShield_{9596C29E-1DA9-4063-848A-024515E618BE}" = TMNT

"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2

"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager

"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour

"InstantStorm_is1" = InstantStorm 1.5

"Intelore - Millions of Light Years" = Intelore - Millions of Light Years v1.6 (remove only)

"Internet Scrabble Club_is1" = WordBiz version 1.8

"Ipref_is1" = Ipref 2.59

"IrfanView" = IrfanView (remove only)

"IsoBuster_is1" = IsoBuster 2.8.5

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 2.82 Standard

"Kudos Rock Legend_is1" = Kudos Rock Legend

"LAME for Audacity_is1" = LAME v3.98.3 for Audacity

"League of Legends_is1" = League of Legends

"Little Fighter 2" = Little Fighter 2 1.9c

"LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition

"Mafia Game" = Mafia Game

"Mail Commander Deluxe_is1" = Mail Commander Deluxe 10.6

"MailWasher Pro_is1" = MailWasher Pro

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Mario Forever" = Mario Forever 4.0

"Mastermind" = Mastermind Version 1.01

"McAfee Security Scan" = McAfee Security Scan Plus

"MediaCoder" = MediaCoder 0.6.0

"MediaJoin" = MediaJoin

"MeggieSoft Games Rummy 500_is1" = MeggieSoft Games Rummy 500

"Metal Slug Complete PC" = Metal Slug Complete PC 1.0

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU

"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU

"Mini Ninjas Demo" = Mini Ninjas Demo 1.0

"MKV TO AVI CONVERTER_is1" = MKV TO AVI CONVERTER version 3.2

"MKVtoolnix" = MKVtoolnix 2.9.0

"Mount&Blade" = Mount&Blade

"Mount&Blade Warband" = Mount&Blade Warband

"Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword

"MovieSpot_is1" = MovieSpot 0.7

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Mp3tag" = Mp3tag v2.46a

"Mystery Case Files - Ravenhearst_is1" = Mystery Case Files - Ravenhearst

"Mystery Case Files Prime Suspects_is1" = Mystery Case Files Prime Suspects

"Mystery In London_is1" = Mystery In London

"Mystical 2.0" = Mystical 2.0

"Mystick_is1" = Mystick v1.05

"Network Play System (Patching)" = Network Play System (Patching)

"Neverball" = Neverball 1.5.3

"Nicktoons Basketball_is1" = Nicktoons Basketball

"nLite_is1" = nLite 1.4.9.1

"NokiaFREE Unlock Codes Calculator" = NokiaFREE Unlock Codes Calculator

"NVIDIA Drivers" = NVIDIA Drivers

"OJOsoft MKV Converter1,5,3,0118" = OJOsoft MKV Converter

"OpenAL" = OpenAL

"Opsta Uplatnica 1.00" = Opsta Uplatnica 1.00

"OtsTurntables Free" = OtsTurntables Free 1.00.012

"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1

"P2PFilter" = P2PFilter 3.0.5

"PCPitstop Panda AntiVirus Scan" = PCPitstop Panda AntiVirus Scan (remove only)

"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8

"PersianPuzzle_is1" = Persian Puzzle

"PhotoKit Color 2 Plug-in Module" = PhotoKit Color 2 Plug-in Module

"PhotoKit Plug-in Module" = PhotoKit Plug-in Module

"PhotoKit Sharpener Plug-in Module" = PhotoKit Sharpener Plug-in Module

"PhotoStage" = PhotoStage Slideshow Producer

"Pidgin" = Pidgin

"Pidgin-Musictracker" = Pidgin-Musictracker plugin (remove only)

"PITCH_is1" = PITCH 1.1.2.1

"PlanPlus" = Contrast PlanPlus 2003

"PlanPlus MMI" = Contrast PlanPlus MMI

"Pontifex" = Pontifex

"Pontifex II" = Pontifex II

"Pretty Good Solitaire_is1" = Pretty Good Solitaire version 13.0.0

"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10

"PunkBusterSvc" = PunkBuster Services

"Pure Sudoku_is1" = Pure Sudoku 1.51

"PySol Fan Club edition_is1" = PySol Fan Club edition v.1.1

"qcksolw32_3_2" = Quick Solitaire (remove only)

"RAR Password Cracker" = RAR Password Cracker 4.12

"RealPlayer 12.0" = RealPlayer

"RealPool_is1" = Real Pool

"Road To El Dorado" = Road To El Dorado

"Robin Hood - Defender of the Crown" = Robin Hood - Defender of the Crown

"Robin Hood: The Legend Of Sherwood" = Robin Hood: The Legend Of Sherwood

"Room Arranger" = Room Arranger

"Runic Games Torchlight" = Torchlight

"Safecracker 1.00 Patriot Games" = Safecracker 1.00 Patriot Games

"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Sandlot Connect_is1" = Sandlot Connect Version 1.2.6

"Security Task Manager" = Security Task Manager 1.7h

"SereneScreen Marine Aquarium 2_is1" = SereneScreen Marine Aquarium 2

"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3

"SeriousSam2" = Serious Sam 2

"Sexy Poker 5" = Sexy Poker 5

"Shank_is1" = Shank

"Showoff Home Design" = Showoff Home Design 1.0

"Simon3D" = Simon3D

"SimpleOCR 3.1" = SimpleOCR 3.1

"Skinner" = Winamp Skin Maker

"Sky Battle_is1" = Sky Battle

"Snowboarding Championship 2004" = Snowboarding Championship 2004

"Solar System 3D Screensaver_is1" = Solar System 3D Screensaver 1.4

"Solitaire Plus!_is1" = Solitaire Plus! version 2.4.3

"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 1.92

"SopCast" = SopCast 3.5.0

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4

"Space Interceptor" = Space Interceptor (remove only)

"Space Journey 3D_is1" = Animated Wallpaper - Space Journey 3D

"SpeedFan" = SpeedFan (remove only)

"Star Wars 3D Screensaver_is1" = Star Wars 3D Screensaver 1.3

"StyleBuilder" = StyleBuilder (remove only)

"SubtitleWorkshop" = Subtitle Workshop 2.51

"SWF & FLV Toolbox_is1" = SWF & FLV Toolbox 3.5 (build 3.5.25.503)

"Sylvester & Tweety Screen Saver" = Sylvester & Tweety Screen Saver

"Syncrosoft License Control" = Syncrosoft License Control

"Synthesia" = Synthesia (remove only)

"Telenor Internet" = Telenor Internet

"Tennis Titans" = Tennis Titans

"THE KING OF FIGHTERS XIII 1.00" = THE KING OF FIGHTERS XIII 1.00

"The KMPlayer" = The KMPlayer (remove only)

"The Weather Channel Screensaver" = The Weather Channel Screensaver

"Theme Maker" = Theme Maker

"TopOCR" = TopOCR Release 3

"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330

"Totalcmd" = Total Commander (Remove or Repair)

"Toto 3_is1" = Toto 3

"Toto Dejan Screen 2_is1" = Toto Dejan Screen 2

"Toto Dejan_is1" = Toto Dejan

"Toto februar 2010_is1" = Toto februar 2010

"Toto screensaver 2_is1" = Toto screensaver 2

"Toto Screensaver 4_is1" = Toto Screensaver 4

"Toto X_is1" = Toto X

"Transcribe!_is1" = Transcribe! 7.32

"Trucks & Trailers" = Trucks & Trailers 1.00

"Tunatic" = Tunatic

"UDPixel" = UDPixel_en.exe

"UltraStar Deluxe" = UltraStar Deluxe

"VirtuallyJenna-029.002" = thriXXX VirtuallyJenna-029.002

"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component

"VLC media player" = VLC media player 2.0.1

"VMidi" = vanBasco's MIDI Player

"Warkeys" = Warkeys 1.15.7.0b

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WebPost" = Microsoft Web Publishing Wizard 1.52

"WheelMouse" = Smart-X7 7.80

"whereisit-wii_is1" = WhereIsIt? 3.68

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Updates Downloader" = Windows Updates Downloader

"Winemaker Extraordinaire 1.00" = Winemaker Extraordinaire 1.00

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"Worms Reloaded_is1" = Worms Reloaded

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows

"Xfire" = Xfire (remove only)

"XiphQT" = Xiph QuickTime Components

"XMedia Recode" = XMedia Recode 2.1.2.9

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"Yu Gi Oh PoC Joey the Passion 1.00" = Yu Gi Oh PoC Joey the Passion 1.00

"Zelda Forever" = Zelda Forever

"Zilla PDF to TXT Converter_is1" = Zilla PDF to TXT Converter V1.0.7

"Zorro" = The Shadow of Zorro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Episode 2" = Back to the Future The Game - Episode 2

"GameRanger" = GameRanger

"Google Chrome" = Google Chrome

"Hornil StylePix" = Hornil StylePix

"Pizza Morgana Episode 1" = Pizza Morgana Episode 1

"Warcraft III" = Warcraft III: All Products

"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 22.4.2012 11:51:58 | Computer Name = MOBILE | Source = Application Error | ID = 1000

Description = Faulting application bluesoleil_.exe, version 2.6.0.8, faulting module

mfc42.dll, version 6.2.4131.0, fault address 0x000011c7.

Error - 22.4.2012 16:01:10 | Computer Name = MOBILE | Source = Application Error | ID = 1000

Description = Faulting application bluesoleil_.exe, version 2.6.0.8, faulting module

mfc42.dll, version 6.2.4131.0, fault address 0x000011c7.

Error - 23.4.2012 2:26:37 | Computer Name = MOBILE | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 23.4.2012 2:58:01 | Computer Name = MOBILE | Source = MsiInstaller | ID = 11706

Description = Product: ACDSee 9 Photo Manager -- Error 1706.No valid source could

be found for product ACDSee 9 Photo Manager. The Windows Installer cannot continue.

Error - 23.4.2012 7:17:11 | Computer Name = MOBILE | Source = MsiInstaller | ID = 11706

Description = Product: The Print Shop 21 -- Error 1706. Installation has been canceled.

You may run this installation at a later time.

Error - 23.4.2012 7:17:36 | Computer Name = MOBILE | Source = MsiInstaller | ID = 11706

Description = Product: ACDSee 9 Photo Manager -- Error 1706.No valid source could

be found for product ACDSee 9 Photo Manager. The Windows Installer cannot continue.

Error - 23.4.2012 7:18:12 | Computer Name = MOBILE | Source = MsiInstaller | ID = 11706

Description = Product: The Print Shop 21 -- Error 1706. Installation has been canceled.

You may run this installation at a later time.

Error - 23.4.2012 7:18:24 | Computer Name = MOBILE | Source = MsiInstaller | ID = 11706

Description = Product: ACDSee 9 Photo Manager -- Error 1706.No valid source could

be found for product ACDSee 9 Photo Manager. The Windows Installer cannot continue.

Error - 23.4.2012 7:38:47 | Computer Name = MOBILE | Source = MsiInstaller | ID = 11706

Description = Product: ACDSee 9 Photo Manager -- Error 1706.No valid source could

be found for product ACDSee 9 Photo Manager. The Windows Installer cannot continue.

Error - 24.4.2012 2:37:03 | Computer Name = MOBILE | Source = Application Error | ID = 1000

Description = Faulting application egui.exe, version 4.2.71.2, faulting module unknown,

version 0.0.0.0, fault address 0x00c5ecd8.

[ System Events ]

Error - 24.4.2012 14:40:21 | Computer Name = MOBILE | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd

Error - 24.4.2012 16:35:18 | Computer Name = MOBILE | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd

Error - 24.4.2012 22:57:06 | Computer Name = MOBILE | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{EE3F3C64-BD68-40B1-9F86-4BC623B4A80E}

because another computer on the network has the same name. The server could not

start.

Error - 24.4.2012 23:05:26 | Computer Name = MOBILE | Source = Dhcp | ID = 1002

Description = The IP address lease 0.0.0.0 for the Network Card with network address

101111111111 has been denied by the DHCP server 192.168.50.254 (The DHCP Server

sent a DHCPNACK message).

Error - 25.4.2012 0:39:15 | Computer Name = MOBILE | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 25.4.2012 6:04:42 | Computer Name = MOBILE | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd

Error - 25.4.2012 11:08:56 | Computer Name = MOBILE | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.2.150 for the Network Card with network

address 0019DBCBD15B has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 25.4.2012 11:10:34 | Computer Name = MOBILE | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd

Error - 25.4.2012 17:15:41 | Computer Name = MOBILE | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd

Error - 25.4.2012 19:38:12 | Computer Name = MOBILE | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.2.150 for the Network Card with network

address 0019DBCBD15B has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

< End of report >


Hm... what's the problem with DHCP and the network card...?

It seems my outgoing traffic is blocked. I can't go to Gmail or Facebook, logging in to Yahoo Messenger goes slowly... I cannot measure upload speed. I can't send emails. I can't send any files through Yahoo Messenger.

Something is in the way.

Could it be something about blocking ports?

Since I still get those warnings from anti-malware, can I use TCPView to catch which process is trying to get to that IP?


Run Malwarebytes' Anti-Malware, click on the Logs tab, find the last IP blocks and post them in your next reply.


2012/04/26 04:35:35 +0200 MOBILE User MESSAGE Starting protection

2012/04/26 04:35:54 +0200 MOBILE User MESSAGE Protection started successfully

2012/04/26 04:35:57 +0200 MOBILE User MESSAGE Starting IP protection

2012/04/26 04:37:35 +0200 MOBILE User MESSAGE IP Protection started successfully

2012/04/26 10:58:43 +0200 MOBILE User MESSAGE Starting protection

2012/04/26 10:59:07 +0200 MOBILE User MESSAGE Protection started successfully

2012/04/26 10:59:11 +0200 MOBILE User MESSAGE Starting IP protection

2012/04/26 11:00:16 +0200 MOBILE User MESSAGE IP Protection started successfully

2012/04/26 11:00:33 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing)

2012/04/26 11:00:36 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing)

2012/04/26 11:00:42 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing)

2012/04/26 11:00:59 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing)

2012/04/26 11:01:01 +0200 MOBILE User IP-BLOCK 208.73.210.29 (Type: outgoing)


I uninstalled the old Java and installed the new one.

I haven't gotten those warnings about the malicious IP yet.

Everything else is the same.

I checked port 25 using the telnet command.

It is blocked.

The PC couldn't connect through that port.

I wonder what is blocking those ports...

I cannot send anything, I cannot get to some sites...


We have some progress.

Please post a new fresh OTL log file.


OTL logfile created on: 27.4.2012 10:52:58 - Run 2

OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\User\My Documents\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C1A | Country: Serbia and Montenegro | Language: SRB | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,16% Memory free

4,78 Gb Paging File | 4,15 Gb Available in Paging File | 86,77% Paging File free

Paging file location(s): C:\pagefile.sys 3000 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 1,96 Gb Free Space | 4,02% Space Free | Partition Type: NTFS

Drive D: | 184,05 Gb Total Space | 5,25 Gb Free Space | 2,85% Space Free | Partition Type: NTFS

Drive F: | 195,31 Gb Total Space | 6,45 Gb Free Space | 3,30% Space Free | Partition Type: NTFS

Drive G: | 75,13 Gb Total Space | 7,22 Gb Free Space | 9,60% Space Free | Partition Type: NTFS

Drive H: | 195,31 Gb Total Space | 11,27 Gb Free Space | 5,77% Space Free | Partition Type: NTFS

Computer Name: MOBILE | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.26 01:44:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe

PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

PRC - [2012.03.22 00:27:28 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.12.24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.06.01 13:05:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe

PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe

PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe

PRC - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe

PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010.01.31 19:23:34 | 000,661,776 | -H-- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe

PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2007.09.10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.05.15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

PRC - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

========== Modules (No Company Name) ==========

MOD - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe

MOD - [2010.10.22 17:29:54 | 000,133,120 | ---- | M] () -- C:\Program Files\Free Desktop Clock\Clock.dll

MOD - [2010.06.01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

MOD - [2007.06.07 21:11:12 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm

MOD - [2006.10.22 13:22:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll

MOD - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

MOD - [2005.10.07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

MOD - [2004.08.04 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.04.24 20:21:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.03.15 09:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)

SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)

SRV - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\IGRICE\UltraStar Deluxe\zlportio.sys -- (zlportio)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vsc.sys -- (vsc32)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\WNt500x86\Sandra.sys -- (SANDRA)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\User\LOCALS~1\Temp\pwtdypog.sys -- (pwtdypog)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1151.tmp -- (MEMSWEEP2)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\YFH31BF.tmp -- (GarenaPEngine)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdTools.sys -- (amdtools)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)

DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.02.18 16:12:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)

DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)

DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)

DRV - [2010.05.26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)

DRV - [2009.09.09 14:18:57 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009.07.17 02:46:46 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)

DRV - [2009.06.22 19:38:18 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009.06.22 19:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009.04.05 02:33:14 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)

DRV - [2008.05.28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)

DRV - [2008.01.30 23:41:08 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2008.01.30 23:41:08 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2008.01.30 23:26:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2007.10.07 05:23:47 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nxsIO32.sys -- (nxsIO32)

DRV - [2007.10.04 05:24:42 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2007.07.24 09:45:20 | 000,328,824 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)

DRV - [2007.07.11 10:20:26 | 000,201,848 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)

DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007.05.14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)

DRV - [2007.05.14 23:40:16 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)

DRV - [2007.05.14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)

DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.05.10 12:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2006.11.23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)

DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)

DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2006.08.14 22:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006.06.19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2006.03.24 18:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)

DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2005.12.22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2005.12.22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2005.12.22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2005.12.21 11:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV - [2005.08.30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2005.08.30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2005.08.30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2005.02.11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2004.10.26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)

DRV - [2004.08.11 06:42:28 | 000,454,815 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)

DRV - [2004.08.04 07:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)

DRV - [2002.09.09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)

DRV - [2001.08.17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)

DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}&src=IE-SearchBox&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaultthis.engineName: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q="

FF - prefs.js..browser.search.order.1: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442

FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3

FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.01 13:06:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 20:21:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.08.21 07:32:52 | 000,000,000 | ---D | M]

[2011.01.20 15:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions

[2011.03.23 15:24:57 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}

[2012.03.19 22:18:59 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2010.07.31 00:02:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}(2)

[2009.03.12 01:48:11 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)

[2012.03.30 05:35:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.06.14 18:24:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)

[2011.11.13 00:21:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3)

[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Curacao) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}(2)

[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2012.03.02 02:51:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009.03.12 01:48:11 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\nasanightlaunch@example(2).com

[2009.05.15 09:09:38 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\facebook.xml

[2010.09.04 17:08:21 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\google.xml

[2012.04.17 06:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DM5592B1.DEFAULT\EXTENSIONS\BYM@SAVETHEWORLD.ORG.XPI

[2012.04.24 20:21:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.03.13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Cortona VRML Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCortona.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012.04.22 16:14:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - No CLSID value found.

O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe ()

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093 (MUCatalogWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} http://pcpitstop.com/antivirus/PitPav.cab (AV Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.117.194.2 82.117.194.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A}: DhcpNameServer = 82.117.194.2 82.117.194.3

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.10.04 05:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.04.27 03:45:06 | 000,000,000 | ---D | C] -- C:\gmer

[2012.04.27 00:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun

[2012.04.27 00:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012.04.27 00:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Oracle

[2012.04.27 00:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2012.04.27 00:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.04.27 00:40:42 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

[2012.04.27 00:40:42 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2012.04.27 00:40:42 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012.04.27 00:40:42 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012.04.27 00:40:32 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012.04.27 00:40:32 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012.04.27 00:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\jdk1.7.0_04_combo

[2012.04.26 04:23:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012.04.25 21:53:47 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2012.04.25 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan

[2012.04.25 06:53:24 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys

[2012.04.25 04:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\OxyCube

[2012.04.25 04:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oxygen Software

[2012.04.25 04:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oxygen Software

[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2012.04.22 21:43:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012.04.22 21:43:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012.04.22 21:43:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012.04.22 21:43:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012.04.22 21:42:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.04.21 07:36:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2012.04.17 08:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis

[2012.04.17 08:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\abelhadigital.com

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com

[2012.04.17 06:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012.04.16 21:10:23 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012.04.16 20:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012.04.15 18:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller

[2012.04.15 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller

[2012.04.14 18:35:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012.04.06 16:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-_files

[2012.04.05 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Freemake

[2012.04.05 22:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake

[2012.04.05 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake

[2012.03.30 16:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rovio

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.27 10:33:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job

[2012.04.27 10:32:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.27 03:59:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job

[2012.04.27 03:46:46 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job

[2012.04.27 03:46:46 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job

[2012.04.27 02:36:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.04.27 00:54:30 | 000,596,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.04.27 00:54:30 | 000,125,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.04.27 00:48:55 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012.04.27 00:48:48 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.04.27 00:48:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.27 00:48:13 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat

[2012.04.27 00:48:09 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.27 00:47:05 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini

[2012.04.27 00:40:20 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012.04.27 00:40:20 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012.04.26 22:33:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job

[2012.04.26 04:33:30 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk

[2012.04.26 04:19:46 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2012.04.26 01:32:14 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk

[2012.04.25 22:56:07 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe

[2012.04.25 22:51:42 | 000,367,166 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache

[2012.04.25 22:51:25 | 000,399,428 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache

[2012.04.25 21:43:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2012.04.25 20:21:08 | 000,112,143 | ---- | M] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf

[2012.04.25 20:20:24 | 000,251,333 | ---- | M] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf

[2012.04.25 20:01:54 | 002,796,446 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG

[2012.04.25 19:26:53 | 000,080,458 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG

[2012.04.25 19:23:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2012.04.25 06:56:23 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys

[2012.04.25 04:47:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk

[2012.04.25 03:56:29 | 000,000,332 | ---- | M] () -- C:\WINDOWS\desctemp.dat

[2012.04.25 00:36:08 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2012.04.24 08:39:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.04.24 08:36:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\My Documents\MBR.dat

[2012.04.23 14:05:31 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk

[2012.04.22 16:14:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012.04.21 05:18:50 | 000,165,100 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar

[2012.04.19 03:57:21 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.17 23:43:06 | 000,133,224 | ---- | M] () -- C:\Documents and Settings\User\My Documents\krompir.pdf

[2012.04.17 18:38:49 | 000,337,325 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FSS.exe

[2012.04.17 17:43:34 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe

[2012.04.17 08:08:42 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk

[2012.04.17 06:32:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012.04.17 06:32:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012.04.17 06:28:20 | 000,213,572 | ---- | M] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json

[2012.04.16 21:26:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy of hosts

[2012.04.15 18:31:24 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc

[2012.04.15 18:30:41 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie

[2012.04.15 18:30:26 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk

[2012.04.15 12:48:44 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe

[2012.04.13 20:43:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat

[2012.04.13 20:43:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

[2012.04.12 19:30:41 | 001,850,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar

[2012.04.12 17:51:11 | 008,876,969 | ---- | M] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip

[2012.04.11 02:40:04 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Readon TV Movie Radio Player.lnk

[2012.04.08 05:53:24 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP-LINK.url

[2012.04.07 22:52:48 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk

[2012.04.07 00:28:56 | 000,042,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg

[2012.04.06 20:38:31 | 000,617,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf

[2012.04.06 17:03:18 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url

[2012.04.06 16:38:11 | 000,139,610 | ---- | M] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm

[2012.04.05 22:39:23 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk

[2012.04.05 22:00:19 | 000,911,499 | ---- | M] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf

[2012.04.05 21:12:30 | 000,058,021 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg

[2012.04.04 18:47:36 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012.04.04 18:47:24 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012.04.04 18:47:08 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

[2012.04.04 18:47:02 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2012.03.31 23:20:45 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\User\Application Data\room_v3.dat

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.27 03:44:07 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.exe

[2012.04.27 00:58:33 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job

[2012.04.26 04:33:30 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk

[2012.04.25 22:55:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe

[2012.04.25 22:51:42 | 000,367,166 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache

[2012.04.25 22:51:25 | 000,399,428 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache

[2012.04.25 21:43:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2012.04.25 20:22:25 | 000,251,333 | ---- | C] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf

[2012.04.25 20:22:25 | 000,112,143 | ---- | C] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf

[2012.04.25 19:26:53 | 000,080,458 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG

[2012.04.25 19:25:59 | 002,796,446 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG

[2012.04.25 04:47:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk

[2012.04.25 03:41:27 | 000,000,332 | ---- | C] () -- C:\WINDOWS\desctemp.dat

[2012.04.25 00:36:08 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2012.04.25 00:36:08 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2012.04.24 08:36:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\My Documents\MBR.dat

[2012.04.22 21:43:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012.04.22 21:43:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012.04.22 21:43:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012.04.22 21:43:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012.04.22 21:43:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012.04.21 05:18:50 | 000,165,100 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar

[2012.04.17 23:43:16 | 000,133,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\krompir.pdf

[2012.04.17 18:39:21 | 000,337,325 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FSS.exe

[2012.04.17 17:44:08 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe

[2012.04.17 08:08:42 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk

[2012.04.17 06:32:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012.04.17 06:32:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012.04.17 06:32:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012.04.17 06:28:20 | 000,213,572 | ---- | C] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json

[2012.04.16 21:10:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak

[2012.04.16 21:10:28 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012.04.15 18:31:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc

[2012.04.15 18:30:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie

[2012.04.15 18:30:26 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk

[2012.04.15 12:48:44 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe

[2012.04.12 19:30:40 | 001,850,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar

[2012.04.12 17:50:45 | 008,876,969 | ---- | C] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip

[2012.04.12 14:44:37 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job

[2012.04.07 22:52:48 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk

[2012.04.07 00:28:55 | 000,042,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg

[2012.04.06 20:38:30 | 000,617,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf

[2012.04.06 16:38:10 | 000,139,610 | ---- | C] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm

[2012.04.06 16:08:18 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url

[2012.04.06 12:22:26 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-527237240-725345543-1003-0.dat

[2012.04.06 05:02:56 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012.04.05 22:39:23 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk

[2012.04.05 22:00:19 | 000,911,499 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf

[2012.04.05 20:09:00 | 000,058,021 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg

[2012.01.24 15:37:35 | 000,014,368 | ---- | C] () -- C:\WINDOWS\skype.dat

[2012.01.24 15:37:05 | 000,032,854 | ---- | C] () -- C:\WINDOWS\iniLS.dat

[2012.01.04 20:30:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\nwsrmodn.dll

[2011.12.18 06:53:44 | 000,718,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011.09.05 01:11:49 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini

[2011.08.31 15:38:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI

[2011.08.31 15:19:01 | 000,000,370 | ---- | C] () -- C:\WINDOWS\dorp.dat

[2011.08.08 15:14:26 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2011.08.08 15:08:40 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll

[2011.07.28 16:08:22 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys

[2011.07.18 19:33:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun

[2011.07.04 20:35:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011.07.04 20:35:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2011.07.03 07:12:59 | 000,000,219 | ---- | C] () -- C:\WINDOWS\tropical_beaches1.ini

[2011.07.03 07:12:38 | 000,002,149 | ---- | C] () -- C:\WINDOWS\unins002.dat

[2011.07.03 07:11:01 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\bvcsky.dll

[2011.06.15 05:42:10 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins001.exe

[2011.06.15 05:42:10 | 000,004,189 | ---- | C] () -- C:\WINDOWS\unins001.dat

[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f

[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f

[2011.06.08 21:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011.06.05 23:59:21 | 000,037,556 | ---- | C] () -- C:\WINDOWS\System32\Sylvunins.exe

[2011.06.05 20:40:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\UnInstall Tweety Time V4.exe

[2011.05.28 02:23:58 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat

[2011.05.08 02:09:39 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin

[2011.04.23 18:08:16 | 000,000,212 | ---- | C] () -- C:\WINDOWS\topocr.INI

[2011.04.14 02:09:53 | 000,000,108 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011.03.23 10:26:01 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room.dat

[2011.03.03 12:01:37 | 000,000,652 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2011.01.15 12:41:36 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini

[2011.01.09 06:57:58 | 002,538,595 | ---- | C] () -- C:\Program Files\Audacity.rar

[2010.10.23 21:44:54 | 000,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI

[2010.10.19 05:48:04 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2010.09.29 19:35:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI

[2010.09.14 12:07:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SW_Win2000X9.DLL

[2010.09.14 12:05:54 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL

[2010.09.14 12:05:33 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\beconvlib.dll

[2010.09.14 12:05:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\bprgcomm.dll

[2010.09.14 12:05:33 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll

[2010.09.14 12:05:33 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx151ic.ini

[2010.09.14 12:05:32 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SII_PDF.dll

[2010.09.14 12:05:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll

[2010.09.14 12:05:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll

[2010.09.14 12:05:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe

< End of report >


I scanned the PC with GMER for rootkits. I don't see that it found anything. If you want, I can post the log here.

Thanks for your help, again.

I hope we will find alien :)


I followed the instructions and disabled Eset. No changes in behaviour. I still cannot send emails (I can receive them).

Upload speed is still zero.

I still cannot get to facebook, gmail, isohunt...

When I connect to Yahoo Messenger it always disconnects me in a minute or so, then it reconnects me and then it works OK (though I cannot send anything there, it seems like I am connected just for chat, nothing else...).

I suppose I should activate Eset again.

Thanks again for help.


I forgot to say - the last anti-malware warning about the malicious IP appeared yesterday at noon. I hope that it is a sign we at least succeeded in getting rid of that one...


There is a new version of OTL. Please manually delete your copy, download a new fresh one and generate a new log file.


OTL logfile created on: 30.4.2012 3:12:42 - Run 3

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\User\My Documents\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C1A | Country: Serbia and Montenegro | Language: SRB | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,36% Memory free

4,78 Gb Paging File | 4,17 Gb Available in Paging File | 87,24% Paging File free

Paging file location(s): C:\pagefile.sys 3000 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 1,52 Gb Free Space | 3,11% Space Free | Partition Type: NTFS

Drive D: | 184,05 Gb Total Space | 5,25 Gb Free Space | 2,85% Space Free | Partition Type: NTFS

Drive F: | 195,31 Gb Total Space | 6,43 Gb Free Space | 3,29% Space Free | Partition Type: NTFS

Drive G: | 75,13 Gb Total Space | 7,22 Gb Free Space | 9,60% Space Free | Partition Type: NTFS

Drive H: | 195,31 Gb Total Space | 11,27 Gb Free Space | 5,77% Space Free | Partition Type: NTFS

Computer Name: MOBILE | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.29 22:51:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\new OTL.exe

PRC - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

PRC - [2012.03.22 00:27:28 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.12.24 18:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.06.01 13:05:32 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe

PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe

PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe

PRC - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe

PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010.01.31 19:23:34 | 000,661,776 | -H-- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe

PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2007.09.10 15:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.05.15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

PRC - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

========== Modules (No Company Name) ==========

MOD - [2010.11.21 13:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe

MOD - [2010.10.22 17:29:54 | 000,133,120 | ---- | M] () -- C:\Program Files\Free Desktop Clock\Clock.dll

MOD - [2010.06.01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

MOD - [2007.06.07 21:11:12 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm

MOD - [2006.10.22 13:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll

MOD - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe

MOD - [2004.08.04 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012.04.24 20:21:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011.12.24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.03.15 09:18:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)

SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)

SRV - [2011.01.05 18:23:56 | 000,055,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2005.12.30 09:15:16 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\IGRICE\UltraStar Deluxe\zlportio.sys -- (zlportio)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vsc.sys -- (vsc32)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\WNt500x86\Sandra.sys -- (SANDRA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mferkdet.sys -- (mferkdet)

DRV - File not found [Kernel | Boot | Running] -- system32\drivers\mfehidk.sys -- (mfehidk)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1151.tmp -- (MEMSWEEP2)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\YFH31BF.tmp -- (GarenaPEngine)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdTools.sys -- (amdtools)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)

DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.02.18 16:12:12 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)

DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)

DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)

DRV - [2010.05.26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)

DRV - [2009.09.09 14:18:57 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009.07.17 02:46:46 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)

DRV - [2009.06.22 19:38:18 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009.06.22 19:24:48 | 000,100,480 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009.04.05 02:33:14 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)

DRV - [2008.05.28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)

DRV - [2008.01.30 23:41:08 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2008.01.30 23:41:08 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2008.01.30 23:26:30 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2007.10.07 05:23:47 | 000,002,208 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nxsIO32.sys -- (nxsIO32)

DRV - [2007.10.04 05:24:42 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2007.07.24 09:45:20 | 000,328,824 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV10.sys -- (acedrv10)

DRV - [2007.07.11 10:20:26 | 000,201,848 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp10.sys -- (acehlp10)

DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)

DRV - [2007.05.14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)

DRV - [2007.05.14 23:40:16 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt)

DRV - [2007.05.14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)

DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2007.05.10 12:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)

DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)

DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2006.11.23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)

DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)

DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2006.08.14 22:09:48 | 000,083,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2006.06.19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2006.03.24 18:27:01 | 000,050,176 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)

DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2005.12.22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2005.12.22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2005.12.22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2005.12.21 11:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV - [2005.08.30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2005.08.30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2005.08.30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2005.02.11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2004.10.26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)

DRV - [2004.08.11 06:42:28 | 000,454,815 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelH51.sys -- (ham50)

DRV - [2004.08.04 07:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)

DRV - [2002.09.09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)

DRV - [2001.08.17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)

DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}&src=IE-SearchBox&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={Language}

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q={searchTerms}

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaultthis.engineName: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/cse?cx=partner-pub-9609672093949948%3A2pdkvfm6u5y&ie=ISO-8859-1&q="

FF - prefs.js..browser.search.order.1: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442

FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3

FF - prefs.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll (ParallelGraphics)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\WINDOWS\system32\npmirage.dll (XMLAuthor Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.01 13:06:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 20:21:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.08.21 07:32:52 | 000,000,000 | ---D | M]

[2011.01.20 15:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions

[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions

[2011.03.23 15:24:57 | 000,000,000 | ---D | M] (Add N Edit Cookies) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}

[2012.03.19 22:18:59 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2010.07.31 00:02:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}(2)

[2009.03.12 01:48:11 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}(2)

[2012.03.30 05:35:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.06.14 18:24:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)

[2011.11.13 00:21:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3)

[2009.03.12 01:48:10 | 000,000,000 | ---D | M] (Curacao) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{cc6ef5ab-35be-4300-bd07-d12850fc97ff}(2)

[2012.04.25 19:54:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2012.03.02 02:51:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009.03.12 01:48:11 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\extensions\nasanightlaunch@example(2).com

[2009.05.15 09:09:38 | 000,002,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\facebook.xml

[2010.09.04 17:08:21 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\dm5592b1.default\searchplugins\google.xml

[2012.04.17 06:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DM5592B1.DEFAULT\EXTENSIONS\BYM@SAVETHEWORLD.ORG.XPI

[2012.04.24 20:21:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.03.13 06:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 06:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Cortona VRML Client (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCortona.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\WINDOWS\system32\npmirage.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012.04.22 16:14:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {C11483F7-D7D8-4804-98D8-6055470BB989} - No CLSID value found.

O3 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [skinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe ()

O4 - HKU\S-1-5-21-1275210071-527237240-725345543-1003..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1275210071-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1315113466093 (MUCatalogWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} http://pcpitstop.com/antivirus/PitPav.cab (AV Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.117.194.2 82.117.194.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0A5C03-2F42-4E86-933C-CC9403ED7B2A}: DhcpNameServer = 82.117.194.2 82.117.194.3

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.10.04 05:15:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.04.30 01:35:14 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.7631.deleteme

[2012.04.30 01:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegistryNuke 2012

[2012.04.30 00:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryNuke 2012

[2012.04.29 21:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\stinger

[2012.04.27 03:45:06 | 000,000,000 | ---D | C] -- C:\gmer

[2012.04.27 00:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun

[2012.04.27 00:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012.04.27 00:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Oracle

[2012.04.27 00:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2012.04.27 00:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.04.27 00:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\jdk1.7.0_04_combo

[2012.04.26 04:23:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012.04.25 21:53:47 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2012.04.25 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan

[2012.04.25 06:53:24 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys

[2012.04.25 04:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\OxyCube

[2012.04.25 04:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oxygen Software

[2012.04.25 04:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oxygen Software

[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.04.24 20:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2012.04.22 21:43:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012.04.22 21:43:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012.04.22 21:43:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012.04.22 21:43:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012.04.22 21:42:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.04.21 07:36:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2012.04.17 08:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis

[2012.04.17 08:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\HostsMan Backups

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\HostsMan

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HostsMan

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\abelhadigital.com

[2012.04.17 06:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com

[2012.04.17 06:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012.04.16 21:10:23 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012.04.16 20:58:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012.04.15 18:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller

[2012.04.15 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller

[2012.04.14 18:35:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012.04.06 16:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-_files

[2012.04.05 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Freemake

[2012.04.05 22:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Freemake

[2012.04.05 22:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.30 03:09:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1275210071-527237240-725345543-1003.job

[2012.04.30 03:09:43 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job

[2012.04.30 02:33:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003UA.job

[2012.04.30 02:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.30 02:04:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012.04.30 01:35:11 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.7631.deleteme

[2012.04.30 01:29:27 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job

[2012.04.30 01:23:56 | 000,596,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.04.30 01:23:56 | 000,125,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.04.30 01:19:28 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.04.30 01:19:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.30 01:18:55 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat

[2012.04.30 01:18:50 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.30 01:18:10 | 000,000,552 | ---- | M] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini

[2012.04.30 01:00:04 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryNuke 2012.lnk

[2012.04.30 00:58:45 | 065,404,930 | ---- | M] () -- C:\registry april2012.reg

[2012.04.30 00:58:04 | 162,660,354 | ---- | M] () -- C:\Documents and Settings\User\My Documents\april2012.reg

[2012.04.29 22:53:22 | 000,000,372 | RHS- | M] () -- C:\boot.ini

[2012.04.29 22:33:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-527237240-725345543-1003Core.job

[2012.04.29 15:34:50 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk

[2012.04.29 06:25:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.04.28 22:36:38 | 000,007,504 | ---- | M] () -- C:\Documents and Settings\User\Desktop\config TP LINK.bin

[2012.04.27 02:36:22 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.04.26 04:33:30 | 000,000,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk

[2012.04.25 22:56:07 | 000,102,400 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe

[2012.04.25 22:51:42 | 000,367,166 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache

[2012.04.25 22:51:25 | 000,399,428 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache

[2012.04.25 21:43:45 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2012.04.25 20:21:08 | 000,112,143 | ---- | M] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf

[2012.04.25 20:20:24 | 000,251,333 | ---- | M] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf

[2012.04.25 20:01:54 | 002,796,446 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG

[2012.04.25 19:26:53 | 000,080,458 | ---- | M] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG

[2012.04.25 19:23:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2012.04.25 06:56:23 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys

[2012.04.25 04:47:00 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk

[2012.04.25 03:56:29 | 000,000,332 | ---- | M] () -- C:\WINDOWS\desctemp.dat

[2012.04.25 00:36:08 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2012.04.24 08:36:17 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\My Documents\MBR.dat

[2012.04.23 14:05:31 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk

[2012.04.22 16:14:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012.04.21 05:18:50 | 000,165,100 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar

[2012.04.19 03:57:21 | 000,193,536 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.17 23:43:06 | 000,133,224 | ---- | M] () -- C:\Documents and Settings\User\My Documents\krompir.pdf

[2012.04.17 18:38:49 | 000,337,325 | ---- | M] () -- C:\Documents and Settings\User\Desktop\FSS.exe

[2012.04.17 17:43:34 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe

[2012.04.17 08:08:42 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk

[2012.04.17 06:32:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012.04.17 06:32:37 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012.04.17 06:28:20 | 000,213,572 | ---- | M] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json

[2012.04.16 21:26:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy of hosts

[2012.04.15 18:31:24 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc

[2012.04.15 18:30:41 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie

[2012.04.15 18:30:26 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk

[2012.04.15 12:48:44 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe

[2012.04.13 20:43:17 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat

[2012.04.13 20:43:17 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

[2012.04.12 19:30:41 | 001,850,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar

[2012.04.12 17:51:11 | 008,876,969 | ---- | M] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip

[2012.04.11 02:40:04 | 000,002,665 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Readon TV Movie Radio Player.lnk

[2012.04.08 05:53:24 | 000,000,544 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP-LINK.url

[2012.04.07 22:52:48 | 000,000,402 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk

[2012.04.07 00:28:56 | 000,042,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg

[2012.04.06 20:38:31 | 000,617,836 | ---- | M] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf

[2012.04.06 17:03:18 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url

[2012.04.06 16:38:11 | 000,139,610 | ---- | M] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm

[2012.04.05 22:39:23 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk

[2012.04.05 22:00:19 | 000,911,499 | ---- | M] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf

[2012.04.05 21:12:30 | 000,058,021 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg

[2012.03.31 23:20:45 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\User\Application Data\room_v3.dat

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.30 01:29:27 | 000,000,314 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job

[2012.04.30 01:00:04 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryNuke 2012.lnk

[2012.04.30 00:58:28 | 065,404,930 | ---- | C] () -- C:\registry april2012.reg

[2012.04.30 00:56:45 | 162,660,354 | ---- | C] () -- C:\Documents and Settings\User\My Documents\april2012.reg

[2012.04.28 22:36:37 | 000,007,504 | ---- | C] () -- C:\Documents and Settings\User\Desktop\config TP LINK.bin

[2012.04.27 03:44:07 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.exe

[2012.04.26 04:33:30 | 000,000,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Tcpview.lnk

[2012.04.25 22:55:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe

[2012.04.25 22:51:42 | 000,367,166 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\census.cache

[2012.04.25 22:51:25 | 000,399,428 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\ars.cache

[2012.04.25 21:43:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\housecall.guid.cache

[2012.04.25 20:22:25 | 000,251,333 | ---- | C] () -- C:\Documents and Settings\User\My Documents\uredba_voce_povrce_cvece.pdf

[2012.04.25 20:22:25 | 000,112,143 | ---- | C] () -- C:\Documents and Settings\User\My Documents\obrazac.pdf

[2012.04.25 19:26:53 | 000,080,458 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857 small.JPG

[2012.04.25 19:25:59 | 002,796,446 | ---- | C] () -- C:\Documents and Settings\User\Desktop\DSCN1857.JPG

[2012.04.25 04:47:00 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Desktop\OxyCube.lnk

[2012.04.25 03:41:27 | 000,000,332 | ---- | C] () -- C:\WINDOWS\desctemp.dat

[2012.04.25 00:36:08 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2012.04.25 00:36:08 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2012.04.24 08:36:17 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\My Documents\MBR.dat

[2012.04.22 21:43:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012.04.22 21:43:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012.04.22 21:43:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012.04.22 21:43:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012.04.22 21:43:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012.04.21 05:18:50 | 000,165,100 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Eset new log.rar

[2012.04.17 23:43:16 | 000,133,224 | ---- | C] () -- C:\Documents and Settings\User\My Documents\krompir.pdf

[2012.04.17 18:39:21 | 000,337,325 | ---- | C] () -- C:\Documents and Settings\User\Desktop\FSS.exe

[2012.04.17 17:44:08 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MiniToolBox.exe

[2012.04.17 08:08:42 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk

[2012.04.17 06:32:37 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012.04.17 06:32:37 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012.04.17 06:32:37 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012.04.17 06:28:20 | 000,213,572 | ---- | C] () -- C:\Documents and Settings\User\Desktop\bookmarks-2012-04-17.json

[2012.04.16 21:10:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak

[2012.04.16 21:10:28 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012.04.15 18:31:24 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\Jiii_PNUCT.pnc

[2012.04.15 18:30:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie

[2012.04.15 18:30:26 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Perfect Uninstaller.lnk

[2012.04.15 12:48:44 | 000,126,976 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ResetTeaTimer.exe

[2012.04.12 19:30:40 | 001,850,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\KATALOG 2012 3.rar

[2012.04.12 17:50:45 | 008,876,969 | ---- | C] () -- C:\Documents and Settings\User\My Documents\prezentacija.zip

[2012.04.12 14:44:37 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1275210071-527237240-725345543-1003.job

[2012.04.07 22:52:48 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Internet LAN konekcija.lnk

[2012.04.07 00:28:55 | 000,042,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\562003_359280264115924_195909997119619_968748_538786043_n.jpg

[2012.04.06 20:38:30 | 000,617,836 | ---- | C] () -- C:\Documents and Settings\User\My Documents\46256423-Uputstvo-Za-Podesavanje-TP-LINK-543G.pdf

[2012.04.06 16:38:10 | 000,139,610 | ---- | C] () -- C:\Documents and Settings\User\My Documents\WiFi net po kuci i hvatanje drugih WiFi mreza i deljenje WiFi putem po kuci-.htm

[2012.04.06 16:08:18 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TP LINK NOVO.url

[2012.04.06 12:22:26 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-527237240-725345543-1003-0.dat

[2012.04.06 05:02:56 | 000,947,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012.04.05 22:39:23 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freemake Video Converter.lnk

[2012.04.05 22:00:19 | 000,911,499 | ---- | C] () -- C:\Documents and Settings\User\My Documents\TP LINK 340G.pdf

[2012.04.05 20:09:00 | 000,058,021 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Operacija.jpg

[2012.01.24 15:37:35 | 000,014,368 | ---- | C] () -- C:\WINDOWS\skype.dat

[2012.01.24 15:37:05 | 000,032,854 | ---- | C] () -- C:\WINDOWS\iniLS.dat

[2012.01.04 20:30:14 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\nwsrmodn.dll

[2011.12.18 06:53:44 | 000,718,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011.09.05 01:11:49 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\User\Application Data\FreeDesktopClock.ini

[2011.08.31 15:38:06 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI

[2011.08.31 15:19:01 | 000,000,370 | ---- | C] () -- C:\WINDOWS\dorp.dat

[2011.08.08 15:14:26 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2011.08.08 15:08:40 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll

[2011.07.28 16:08:22 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys

[2011.07.18 19:33:58 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReminderNextRun

[2011.07.04 20:35:52 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011.07.04 20:35:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2011.07.03 07:12:59 | 000,000,219 | ---- | C] () -- C:\WINDOWS\tropical_beaches1.ini

[2011.07.03 07:12:38 | 000,002,149 | ---- | C] () -- C:\WINDOWS\unins002.dat

[2011.07.03 07:11:01 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\bvcsky.dll

[2011.06.15 05:42:10 | 000,794,906 | ---- | C] () -- C:\WINDOWS\unins001.exe

[2011.06.15 05:42:10 | 000,004,189 | ---- | C] () -- C:\WINDOWS\unins001.dat

[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f

[2011.06.14 18:12:17 | 000,008,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x381dk4b7j15y00k263fp264sbyk7jm08o8f

[2011.06.08 21:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011.06.05 23:59:21 | 000,037,556 | ---- | C] () -- C:\WINDOWS\System32\Sylvunins.exe

[2011.06.05 20:40:40 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\UnInstall Tweety Time V4.exe

[2011.05.28 02:23:58 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room_v3.dat

[2011.05.08 02:09:39 | 000,000,130 | ---- | C] () -- C:\WINDOWS\System32\rpicfica.bin

[2011.04.23 18:08:16 | 000,000,212 | ---- | C] () -- C:\WINDOWS\topocr.INI

[2011.04.14 02:09:53 | 000,000,108 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011.03.23 10:26:01 | 000,046,658 | ---- | C] () -- C:\Documents and Settings\User\Application Data\room.dat

[2011.03.03 12:01:37 | 000,000,652 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2011.01.15 12:41:36 | 000,000,170 | ---- | C] () -- C:\WINDOWS\game.ini

[2010.10.23 21:44:54 | 000,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI

[2010.10.19 05:48:04 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2010.09.29 19:35:24 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI

[2010.09.14 12:07:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SW_Win2000X9.DLL

[2010.09.14 12:05:54 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL

[2010.09.14 12:05:33 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\beconvlib.dll

[2010.09.14 12:05:33 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\bprgcomm.dll

[2010.09.14 12:05:33 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll

[2010.09.14 12:05:33 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx151ic.ini

[2010.09.14 12:05:32 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SII_PDF.dll

[2010.09.14 12:05:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll

[2010.09.14 12:05:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll

[2010.09.14 12:05:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RegisterExe.exe

========== LOP Check ==========

[2012.04.17 06:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com

[2007.10.04 05:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems

[2010.09.11 19:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision

[2011.10.03 20:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Antenna Magus

[2011.02.22 01:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem

[2010.08.17 13:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare

[2010.01.31 19:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth

[2010.12.17 22:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

[2009.11.05 03:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software

[2008.08.31 18:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games

[2008.11.10 19:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cabela's® Big Game Hunter III Saves

[2009.11.18 01:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloanto

[2008.12.17 22:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters

[2011.02.18 16:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2007.12.03 14:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Default

[2011.01.22 12:03:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS

[2011.04.04 00:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core

[2012.02.12 15:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2011.08.21 07:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2010.09.15 20:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4

[2008.07.25 12:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios

[2011.07.01 18:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesForOne

[2010.02.03 05:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameXzone

[2010.09.24 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2012.01.12 16:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo

[2011.11.04 10:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI

[2008.09.21 20:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

[2011.06.28 13:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments

[2011.11.23 21:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeKSoft

[2011.11.23 21:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\o1rdee

[2010.09.24 17:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2008.10.27 16:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2011.04.14 00:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment

[2010.08.26 17:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2011.08.22 14:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon

[2009.11.05 03:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited

[2011.04.14 00:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2011.04.21 02:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2012.01.12 16:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2010.08.25 15:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2011.07.28 16:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg

[2011.07.28 16:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft

[2011.08.31 14:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited

[2011.04.05 14:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2009.05.18 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick

[2012.01.12 16:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2007.12.03 17:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Urban FreeStyle Soccer

[2010.09.17 20:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2011.09.02 00:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets

[2009.09.21 06:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X3mE Yamb

[2010.08.08 21:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Z-Software

[2011.08.31 15:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon

[2012.04.21 09:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

[2009.05.28 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30}

[2011.11.23 05:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.purple

[2009.05.31 20:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\123 Free Solitaire

[2011.07.01 17:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\1st Free Solitaire

[2011.11.04 11:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\2K Sports

[2009.12.04 04:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\3DFA

[2011.07.03 07:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\7art

[2012.04.17 06:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\abelhadigital.com

[2007.10.08 00:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ACD Systems

[2008.01.11 11:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Acoustica

[2011.04.03 14:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Activision

[2010.11.05 03:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AKVIS LLC

[2009.03.22 19:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anvil Studio

[2011.01.24 07:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Apowersoft

[2010.06.03 19:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Astro Gemini Software

[2012.04.08 06:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Audacity

[2010.11.04 01:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auto FX Software

[2008.03.17 14:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AvexLab

[2008.08.29 14:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Big Fish Games

[2009.01.09 16:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Black Sea Studios

[2011.10.31 03:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BSplayer Pro

[2008.12.17 03:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ChaosPro

[2011.02.03 17:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Chessmaster Challenge

[2009.08.20 05:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Cloanto

[2007.12.02 16:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ConvertTemp

[2009.12.29 17:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\COWON

[2011.02.27 04:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite

[2011.09.27 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dekart

[2011.06.09 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVD Catalyst 4

[2010.05.30 19:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\elefundesktops

[2009.09.11 17:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Eltima Software

[2010.11.15 14:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\enchant

[2011.08.21 07:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ESET

[2010.09.15 20:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\F4

[2008.04.07 17:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FDRLab

[2009.05.14 03:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FixerLabs

[2010.06.21 16:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\fltk.org

[2008.09.21 20:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameHouse

[2010.12.17 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameRanger

[2008.07.26 19:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Games

[2008.08.11 00:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GamesCafe

[2011.07.01 18:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GamesForOne

[2012.03.28 06:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo

[2011.07.01 18:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Goodsol

[2008.10.27 04:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GrassGames

[2012.04.20 04:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0

[2011.01.20 22:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hornil

[2011.06.25 04:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hoyle

[2010.02.08 20:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Hoyle FaceCreator

[2007.12.30 17:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech

[2008.12.22 20:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LEAPS

[2012.02.09 23:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Licenses_

[2011.04.14 23:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LockHunter

[2010.08.27 10:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LolClient

[2008.10.23 01:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MailWasher

[2012.04.29 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MailWasherPro

[2011.07.04 18:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Marine Aquarium 3

[2009.10.05 19:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mikrotik

[2008.10.16 21:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mount&Blade

[2011.02.03 15:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mount&Blade Warband

[2011.06.18 08:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mount&Blade With Fire and Sword

[2010.06.05 10:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mp3tag

[2012.02.12 18:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Need for Speed World

[2009.09.21 04:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Neverball

[2010.09.24 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia

[2009.09.04 00:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera

[2012.04.27 00:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle

[2007.10.22 02:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Orbit

[2011.12.15 08:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxelonMC

[2012.04.25 04:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OxyCube

[2010.09.24 17:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite

[2008.12.22 20:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Pegasys Inc

[2010.01.30 05:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PhoneRemoteControl

[2008.10.27 16:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst

[2011.04.05 14:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PunkBuster

[2008.08.13 10:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PySolFC

[2010.06.09 23:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\qs

[2012.04.25 20:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan

[2012.03.30 16:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Rovio

[2009.12.01 15:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\runic games

[2007.12.02 16:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Samsung

[2009.09.24 15:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScummVM

[2009.05.28 14:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Seven Zip

[2010.08.25 15:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive

[2011.09.02 00:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Steinberg

[2009.10.29 02:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Synthesia

[2007.12.02 16:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Temporary

[2010.08.17 14:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Creative Assembly

[2011.08.28 01:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\The Longest Journey

[2010.01.04 04:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thinstall

[2010.11.25 17:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TransRender

[2008.12.08 17:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TuneUp Software

[2008.11.20 16:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubi.com

[2011.04.27 00:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ubisoft

[2009.05.18 17:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UClick

[2012.01.12 17:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ulead Systems

[2009.04.03 02:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Uniblue

[2012.04.21 07:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent

[2009.10.27 15:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VitySoft

[2012.01.18 20:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso

[2012.02.09 08:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WeatherPulse

[2008.05.06 10:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WNR

[2009.09.21 06:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\X3mE Yamb

[2010.08.08 21:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Z-Software

[2011.08.31 15:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Zeon

[2012.02.24 13:10:39 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job

========== Purity Check ==========

< End of report >


I checked out the PC with Stinger (McAfee). It found one generic type of trojan, Artemis (with lots of numbers in the name). I have the log file, if you want I can attach it too.

All the best :)


Yes, please. Post it in your next reply.


McAfee® Labs Stinger Version 10.2.0.599 built on Apr 27 2012

Copyright © 2011 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Apr 27 2012.

Ready to scan for 4321 viruses, trojans and variants.

Scan initiated on Sun Apr 29 21:56:49 2012

Rootkit scan result : Not Scanned

Master Boot Record(s):....2

Possibly Infected:.............0

Boot Sector(s):.................5

Possibly Infected: ............0

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76183

Found the Artemis!DAAB7C794B82 trojan !!!

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76183 is infected with the Artemis!DAAB7C794B82 virus !!!

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76183 has been deleted.

C:\Program Files\WSC install\WSCV5\start.exe

Found the Artemis!6890C484BDC2 trojan !!!

C:\Program Files\WSC install\WSCV5\start.exe is infected with the Artemis!6890C484BDC2 virus !!!

C:\Program Files\WSC install\WSCV5\start.exe has been deleted.

C:\Program Files\WSC install\WSCV5.exe\START.EXE

Found the Artemis!6890C484BDC2 trojan !!!

C:\Program Files\WSC install\WSCV5.exe\START.EXE is infected with the Artemis!6890C484BDC2 virus !!!

C:\Program Files\WSC install\WSCV5.exe\START.EXE could not be repaired.

C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP10\A0002633.exe

Found the Artemis!6890C484BDC2 trojan !!!

C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP10\A0002633.exe is infected with the Artemis!6890C484BDC2 virus !!!

C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP10\A0002633.exe has been deleted.

Number of clean files: 663330

Number of infected files: 4

Number of files cleaned: 3


I don't know if this will help: I noticed that something doesn't allow continuous outgoing traffic. So, I am able to ping sites, but I cannot do a trace route. I cannot log in to Gmail and some other sites with a login procedure, but I can click while I surf around and all clicks work. But any continuous sending of data is interrupted.

Facebook is a special story: if I clear the cache/cookies in the browser, I will be able to log in, and that would be all I can do on Facebook. Then any click results in an endless 'waiting for www.facebook.com/...'

It seems I collected some rare beast :)


C:\Documents and Settings\User\My Documents\2007822041014.zip a variant of Win32/TFTPD32.B application deleted - quarantined

C:\Program Files\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined

C:\Program Files\Transcribe!\Transcribe 7.xx for Windows Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined

C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP13\A0002783.exe Win32/PSWTool.PassFox.A application cleaned by deleting - quarantined

C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP13\A0002789.exe a variant of Win32/PerfectUninstaller application cleaned by deleting - quarantined

C:\System Volume Information\_restore{42BC42E3-B2DE-461B-93D2-D12BCB23D028}\RP13\A0002790.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined

D:\Room.Arranger.v5.01.Multilingual-DVT.zip a variant of Win32/HackTool.Patcher.F application deleted - quarantined

D:\roomarrangerv5.01patchdevotion.zip a variant of Win32/HackTool.Patcher.F application deleted - quarantined

D:\IGRICE\Mount&Blade\m&b_loader.exe probably a variant of Win32/HackTool.Patcher.N application cleaned by deleting - quarantined

D:\IGRICE\Valve\Super Simple Wall v2.1\SSWv2.1.exe probably a variant of Win32/DllInject.E application cleaned by deleting - quarantined

D:\IGRICE\Warcraft III\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

D:\NEW DOWNLOADS 4\badboy51\BAd BOy\BaDBoYv5.dll a variant of Win32/GameHack.Q application cleaned by deleting - quarantined

D:\NEW DOWNLOADS 4\badboy51\BAd BOy\BaDBoYv5.exe probably a variant of Win32/DllInject.E application cleaned by deleting - quarantined

D:\NEW DOWNLOADS 4\Sound Forge 7\keygen.exe a variant of Win32/Keygen.AQ application cleaned by deleting - quarantined

D:\NEW DOWNLOADS 4\Super Simple Wall v2.1\Super Simple Wall v2.1\SSWv2.1.exe probably a variant of Win32/DllInject.E application cleaned by deleting - quarantined

D:\NEW DOWNLOADS 5\UltraSurf 9.5\u95.exe a variant of Win32/UltraReach.AC application cleaned by deleting - quarantined

D:\Room.Arranger.v5.01.Multilingual-DVT\Room.Arranger.v5.01.Multilingual-DVT\DVT\PATCH.EXE a variant of Win32/HackTool.Patcher.F application cleaned by deleting - quarantined

D:\roomarrangerv5.01patchdevotion\Room.Arranger.v5.01.Multilingual-DVT\DVT\PATCH.EXE a variant of Win32/HackTool.Patcher.F application cleaned by deleting - quarantined

D:\Torrent Downloads\Spyware_Doctor_v5.1.0.273\Keygen\Keygen.exe a variant of Win32/Keygen.BP application cleaned by deleting - quarantined

F:\Download arhiva 5\mb_loader.zip probably a variant of Win32/HackTool.Patcher.N application deleted - quarantined

F:\MAXTOR F PARTICIJA\ARHIVA STARI KOMPJUTER\Transcribe!\snd-transcribe7.xxforwindows.universalpatch.zip a variant of Win32/HackTool.Patcher.A application deleted - quarantined

F:\MAXTOR F PARTICIJA\ARHIVA STARI KOMPJUTER\Transcribe!\Transcribe 7.xx for Windows Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined

F:\MAXTOR F PARTICIJA\ARHIVA STARI KOMPJUTER\Transcribe!\snd-transcribe7.xxforwindows.universalpatch\Transcribe 7.xx for Windows Patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined

F:\MAXTOR H PARTICIJA\My Documents\00 NOVE STVARI\2freeripmp3.exe Win32/AdInstaller application deleted - quarantined

F:\MAXTOR H PARTICIJA\My Documents\DAP Downloads\pz-rhdoctrn3.zip a variant of Win32/GameHack.S application deleted - quarantined

F:\MAXTOR H PARTICIJA\My Documents\DAP Downloads\pz-rhdoctrn3\pztrain.exe a variant of Win32/GameHack.S application cleaned by deleting - quarantined

F:\MAXTOR H PARTICIJA\New Disk 3\metro.exe Win32/Joke.SlideScreen application cleaned by deleting - quarantined

F:\MAXTOR H PARTICIJA\New Disk 3\Viagra.exe Win32/Joke.VirtualViagra.A application cleaned by deleting - quarantined

F:\Nero 6.6.0.13\Keygen.exe a variant of Win32/Keygen.CY application cleaned by deleting - quarantined

F:\New Torents\Perfect Uninstaller 6.3.3.8 + Serial -TrT\PerfectUninstaller_Setup.exe a variant of Win32/PerfectUninstaller application deleted - quarantined

F:\RAZNO\AudioProc.v1.81.Plugin.for.Winamp.WinAll.Incl.Keygen.rar.part a variant of Win32/Keygen.AK application deleted - quarantined

F:\RAZNO\call.of.duty.2.keygen-tsrh.zip a variant of Win32/Keygen.CU application deleted - quarantined

F:\RAZNO\PerfectUninstaller_Setup.exe a variant of Win32/PerfectUninstaller application deleted - quarantined

F:\RAZNO\SUPERsetup.exe Win32/OpenCandy application deleted - quarantined

F:\RAZNO\winamp5621_full_emusic-7plus_all.exe Win32/OpenCandy application deleted - quarantined

F:\RAZNO\call.of.duty.2.keygen-tsrh\keygen.exe a variant of Win32/Keygen.CU application cleaned by deleting - quarantined

F:\RAZNO\passwordfox\PasswordFox.exe Win32/PSWTool.PassFox.A application cleaned by deleting - quarantined

F:\RAZNO\PhotoKit for Adobe Photoshop v1.2.9-2\PhotoKit for Adobe Photoshop v1.2.9\PhotoKit for Adobe Photoshop v1.2.9\bonus\Trojan_Remover_6.8.2_Build_2596.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined

G:\Downloads\Adobe_Photoshop_Lightroom_v3.6_Multilingual_Portable.rar a variant of Win32/Keygen.BH application deleted - quarantined

G:\Downloads\Adobe_Photoshop_Lightroom_v3.6_Multilingual_Portable\Adobe Photoshop Lightroom v3.6 Multilingual Portable\hosts patch\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined

H:\Angry.Birds.Space.v1.0.0.cracked-THETA.zip a variant of Win32/HackTool.Patcher.U application deleted - quarantined

H:\DTLite4453-0297.exe Win32/OpenCandy application deleted - quarantined

H:\Angry.Birds.Space.v1.0.0.cracked-THETA\Angry.Birds.Space.v1.0.0.cracked-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application cleaned by deleting - quarantined

H:\IGRICE\KONAMI\Pro Evolution Soccer 2012\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined

The situation is, unfortunately, the same...

This topic is now closed to further replies.
