
Black desktop with only two icons


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The Avira detections are in the system restore points or in your Java cache. I will clear the Java cache now and the restore points when we are done

Some folders are still hidden (like System Volume Information)

That one is meant to be hidden :)

Once this run is complete could you let me know about any outstanding problems

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "mW[ķµˆÖ¾`=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0



#17
Andro


    Member

  • Topic Starter
  • Member
  • 228 posts
When I clicked the Run Fix button all icons disappeared, then OTL stopped responding (there is just a text that says Killing processes.DO NOT INTERUPT...).
I waited almost half an hour but nothing happened. I had to restart my comp (icons returned). I tried to run this fix again but it was the same...

Any ideas?
  • 0

#18
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm that would suggest it is a corrupt registry entry - so is of no import

How is the computer behaving now?
  • 0

#19
Andro


    Member

  • Topic Starter
  • Member
  • 228 posts
I ran OTL again and this is what I managed to do...hope it helps!

Files\Folders moved on Reboot...
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...

Can you tell me please your suggestions about next steps?

My computer works fine...I didn't see any warnings or messages about infections/malware
  • 0

#20
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#21
Andro


    Member

  • Topic Starter
  • Member
  • 228 posts
One more question before I start with removing any of these tools...

The computer is behaving normally, but when I watch some shows online via Dailymotion (like last night), where one show is divided into parts, the following appears and repeats every few minutes (by Avira)...

Type: URL
Source: http://yieldadvertis...DOM_NUMBER_HERE
Status: Infected
Quarantine object: 4cd27aed.qua
Restored: NO
Uploaded to Avira: NO
Operating System: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.06.116
Virus definition file: 7.11.17.250
Detection: HTML/Infected.WebPage.Gen3
Date/Time: 11/22/2011, 0:31

This doesn't appear in all parts!

Besides that, Malwarebytes detected something like this at the same time

00:24:48 andro DETECTION C:\Program Files\Mozilla Firefox\0.9189818646931788.exe Exploit.Dropper QUARANTINE
00:24:55 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.09812290221076791.exe Exploit.Drop.2 QUARANTINE
00:25:00 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.3626286372700901.exe Exploit.Drop.2 QUARANTINE
00:25:04 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.372239929999874.exe Exploit.Drop.2 QUARANTINE
00:25:05 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.28637058563783524.exe Exploit.Drop.2 QUARANTINE
00:25:05 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.6054145981817208.exe Exploit.Drop.2 QUARANTINE
00:25:06 andro DETECTION C:\Program Files\Mozilla Firefox\0.9189818646931788.exe Exploit.Dropper DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.32575638915603367.exe Exploit.Drop.2 QUARANTINE
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.3626286372700901.exe Exploit.Drop.2 DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.6054145981817208.exe Exploit.Drop.2 DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.28637058563783524.exe Exploit.Drop.2 DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.372239929999874.exe Exploit.Drop.2 DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.09812290221076791.exe Exploit.Drop.2 DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.6054145981817208.exe Exploit.Drop.2 DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.32575638915603367.exe Exploit.Drop.2 DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.32575638915603367.exe Exploit.Drop.2 DENY

I think this is happening because one of those banners is infected on that site (I can give you the link if you wish)...

Can you give me some advice please?

Thank you!

  • 0
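
Added example (not part of the original thread or any poster's code): a small Python triage of protection-log lines in the format quoted in the post above. It groups detections by file, flags executables whose name is only a decimal fraction (the `0.<digits>.exe` pattern visible in the log), and marks files that were detected again after a QUARANTINE entry. The line layout is inferred from the quoted lines, the function names are illustrative, and the last sample line is constructed.

```python
import ntpath
import re
from collections import OrderedDict

# Layout inferred from the quoted lines (an assumption, not a documented format):
#   HH:MM:SS <user> DETECTION <path, may contain spaces> <detection name> <ACTION>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+DETECTION\s+"
    r"(?P<path>.+)\s+(?P<name>\S+)\s+(?P<action>[A-Z]+)$"
)

# File name that is only a decimal fraction, e.g. 0.9189818646931788.exe
RANDOM_NAME_RE = re.compile(r"^0\.\d{6,}\.exe$", re.IGNORECASE)

# The first six lines are taken from the post above; the last line is
# constructed to show a detection that does not match the random-name pattern.
SAMPLE_LOG = r"""
00:24:48 andro DETECTION C:\Program Files\Mozilla Firefox\0.9189818646931788.exe Exploit.Dropper QUARANTINE
00:24:55 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.09812290221076791.exe Exploit.Drop.2 QUARANTINE
00:25:00 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.3626286372700901.exe Exploit.Drop.2 QUARANTINE
00:25:06 andro DETECTION C:\Program Files\Mozilla Firefox\0.9189818646931788.exe Exploit.Dropper DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.3626286372700901.exe Exploit.Drop.2 DENY
00:25:06 andro DETECTION C:\Documents and Settings\andro\Local Settings\temp\0.09812290221076791.exe Exploit.Drop.2 DENY
00:26:10 andro DETECTION C:\Documents and Settings\andro\Desktop\setup_example.exe Example.Detection QUARANTINE
"""


def parse_line(line):
    """Return the fields of one DETECTION line, or None if it does not match."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def summarise(log_text):
    """Group detections by file path (case-insensitive, as on Windows)."""
    files = OrderedDict()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # blank or unrelated line
        key = rec["path"].lower()
        entry = files.setdefault(key, {
            "path": rec["path"],
            "first_seen": rec["time"],
            "last_seen": rec["time"],
            "detections": set(),
            "actions": [],
            "random_name": bool(RANDOM_NAME_RE.match(ntpath.basename(key))),
            "in_temp": "temp" in key.split("\\")[:-1],
            "redetected_after_quarantine": False,
        })
        # Any later entry for a path that already has a QUARANTINE entry
        # means the same file name showed up again.
        if "QUARANTINE" in entry["actions"]:
            entry["redetected_after_quarantine"] = True
        entry["last_seen"] = rec["time"]  # log lines are in time order
        entry["detections"].add(rec["name"])
        entry["actions"].append(rec["action"])
    return files


def flag_random_droppers(log_text):
    """Paths whose file name matches the 0.<digits>.exe pattern."""
    return [e["path"] for e in summarise(log_text).values() if e["random_name"]]


def report(log_text):
    """Build a short text report, one line per unique file."""
    lines = []
    for e in summarise(log_text).values():
        tags = [t for t, on in (("random-name", e["random_name"]),
                                ("temp-dir", e["in_temp"]),
                                ("seen-again", e["redetected_after_quarantine"])) if on]
        lines.append("%s-%s  %-28s %s  [%s]" % (
            e["first_seen"], e["last_seen"], ",".join(e["actions"]),
            e["path"], " ".join(tags) or "-"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```
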

#22
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Firstly keep away from the site.

As an alternative let the site admin know so that the infection can be removed

But the bottom line is if you keep visiting the site whilst it is infected then something will eventually get through

Clear all your temporary files using TFC

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Then run a full Malwarebytes scan to ensure nothing is loitering; if it is, then could you post a fresh OTL log please
  • 0

#23
Andro


    Member

  • Topic Starter
  • Member
  • 228 posts
I downloaded and ran TFC but it's the same story as with OTL! When I click the Start button the desktop disappears, then the program stops responding and I have no other choice except to restart my comp because nothing happens...don't know why :(

Should I continue with Malwarebytes scan and then OTL?
  • 0

#24
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes continue - but when you run TFC it will close all running processes and your desktop/icons will disappear whilst it works - it may take a while dependent on how much there is in your temporary folders
  • 0

#25
Andro


    Member

  • Topic Starter
  • Member
  • 228 posts
I think you didn't understand me...I know this tool will stop running processes and that the desktop will disappear, but TFC just freezes! First it writes: Getting user folders. Stopping running processes. After that nothing happens. If I try to close it then it writes TFC (Not Responding). I can't close it even with the Ctrl+Alt+Delete combination...all I can do is restart my computer!
  • 0



#26
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will check that out - thanks for the clarification
  • 0

#27
Andro


    Member

  • Topic Starter
  • Member
  • 228 posts
Please let me know what you found out!

So...I continued with full Malwarebytes and quick OTL scans and here are both logs...

Mbam

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Različica baze: 8227

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/24/2011 4:37:48
mbam-log-2011-11-24 (04-37-48).txt

Tip pregleda: Polni pregled (C:\|D:\|E:\|F:\|G:\|H:\|)
Preverjenih objektov: 295965
Pretečen čas: 1 ur, 45 minut, 21 sekund

Okuženih spominskih procesov: 0
Okuženih spominskih modulov: 0
Okuženih ključev registra: 0
Okuženih vrednosti registra: 0
Okuženih vnosov v register: 0
Okuženih map: 0
Okuženih datotek: 3

Okuženih spominskih procesov:
(Ni bilo najdenih zlonamernih objektov)

Okuženih spominskih modulov:
(Ni bilo najdenih zlonamernih objektov)

Okuženih ključev registra:
(Ni bilo najdenih zlonamernih objektov)

Okuženih vrednosti registra:
(Ni bilo najdenih zlonamernih objektov)

Okuženih vnosov v register:
(Ni bilo najdenih zlonamernih objektov)

Okuženih map:
(Ni bilo najdenih zlonamernih objektov)

Okuženih datotek:
c:\documents and settings\andro\application data\Sun\Java\deployment\cache\6.0\2\3c644c02-72f66822 (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\andro\local settings\temp\jar_cache2673197422302388770.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\andro\local settings\temp\jar_cache2763038663111158936.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.

OTL

OTL logfile created on: 11/24/2011 13:38:12 - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\andro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: M/d/yyyy

2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,13% Memory free
3,85 Gb Paging File | 2,91 Gb Available in Paging File | 75,51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 131,22 Gb Free Space | 56,35% Space Free | Partition Type: NTFS

Computer Name: JUD-03F4AE0B207 | User Name: andro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 21:24:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
PRC - [2011/11/09 23:19:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/09 16:35:10 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/11 14:00:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 14:00:08 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/27 11:18:14 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2009/03/05 15:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 02:28:37 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/11 11:17:32 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/11/09 23:19:41 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/09 16:35:12 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/09 16:35:12 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/09 16:35:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/10/11 14:00:22 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/02/05 19:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ekrn)
SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
SRV - [2011/11/09 16:35:10 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/11 14:00:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:00:10 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 14:00:08 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/27 11:15:38 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/03/09 07:37:38 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2009/02/15 22:01:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011/11/15 23:27:57 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/09 16:35:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/11 14:00:32 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/10 17:43:33 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/29 18:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC610NC)
DRV - [2007/01/19 17:14:50 | 000,409,728 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC610NC.SYS -- (SPC500NC)
DRV - [2005/07/12 18:53:20 | 000,007,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\andro\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=7: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\andro\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/21 12:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 23:19:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 00:20:15 | 000,000,000 | ---D | M]

[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions
[2009/05/28 14:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Extensions\[email protected]
[2011/10/17 14:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions
[2010/04/27 23:16:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 11:22:35 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/04/30 12:18:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/11 23:48:19 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Documents and Settings\andro\Application Data\Mozilla\Firefox\Profiles\gp94uszv.default\extensions\[email protected]
[2011/11/15 23:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 23:19:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/07 11:40:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 23:19:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRealMode = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide....ageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A4DC16C-EC4E-4C90-9FDA-18354A1D5250}: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/06 22:34:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 12:15:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\TFC.exe
[2011/11/21 21:24:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/21 21:23:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/18 23:02:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/18 23:02:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/18 23:02:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/18 23:02:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/18 23:02:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/18 23:02:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\andro\Start Menu\Programs\Administrative Tools
[2011/11/18 22:57:12 | 004,300,722 | R--- | C] (Swearware) -- C:\Documents and Settings\andro\Desktop\ComboFix.exe
[2011/11/16 23:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\Recovery
[2011/11/15 23:03:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/15 22:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2011/11/14 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\RK_Quarantine
[2011/11/11 11:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Local Settings\Application Data\adaware
[2011/11/11 11:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/11/11 11:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/11/11 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/11/11 11:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/11/11 11:15:24 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/11 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/11/10 21:14:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\andro\Recent
[2011/11/10 21:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/11/02 15:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andro\Desktop\Programi za popravljanje

========== Files - Modified Within 30 Days ==========

[2011/11/24 13:44:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/24 13:43:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job
[2011/11/24 13:32:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004UA.job
[2011/11/24 13:13:59 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/24 13:13:39 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1004.job
[2011/11/24 13:13:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/24 13:13:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/24 13:11:09 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/24 13:11:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/24 04:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/23 22:30:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/23 20:32:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1972579041-839522115-1004Core.job
[2011/11/23 12:59:24 | 000,002,404 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/11/23 12:15:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\TFC.exe
[2011/11/22 15:02:14 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2011/11/21 21:24:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andro\Desktop\OTL.exe
[2011/11/21 18:52:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/21 18:52:16 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/18 22:57:33 | 004,300,722 | R--- | M] (Swearware) -- C:\Documents and Settings\andro\Desktop\ComboFix.exe
[2011/11/17 15:59:51 | 000,107,844 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Hidden files&folders.JPG
[2011/11/17 00:05:30 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/16 23:44:38 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Repair.vbs
[2011/11/16 23:42:41 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Windows XP Tips - Ramesh.url
[2011/11/16 23:41:29 | 000,007,252 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\admintools.zip
[2011/11/16 23:38:58 | 000,014,797 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\accrestore.zip
[2011/11/16 21:47:52 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\unhide.exe
[2011/11/16 15:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1972579041-839522115-1003.job
[2011/11/15 23:27:57 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/14 21:55:43 | 000,747,008 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/11 11:37:17 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/09 23:24:47 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/09 22:53:40 | 000,270,152 | ---- | M] () -- C:\Documents and Settings\andro\My Documents\Alja.rtf
[2011/11/09 16:35:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/06 15:29:42 | 009,252,277 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:26 | 007,684,905 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:40 | 006,972,276 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:45 | 007,388,161 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:46 | 005,715,808 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:46 | 008,480,021 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:50 | 008,917,827 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:10 | 007,334,812 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:12 | 009,637,767 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:13 | 009,062,013 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:13 | 008,264,757 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 12:31:31 | 001,547,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/04 01:44:19 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/04 01:44:19 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 01:39:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:53 | 000,013,480 | ---- | M] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u

========== Files Created - No Company Name ==========

[2011/11/23 12:55:20 | 000,002,404 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/11/18 23:02:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/18 23:02:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/18 23:02:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/18 23:02:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/18 23:02:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/17 15:59:51 | 000,107,844 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Hidden files&folders.JPG
[2011/11/16 23:44:40 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Repair.vbs
[2011/11/16 23:42:41 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Windows XP Tips - Ramesh.url
[2011/11/16 23:42:05 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\AdminTools.exe
[2011/11/16 23:41:31 | 000,007,252 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\admintools.zip
[2011/11/16 23:39:58 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\AccRestore.exe
[2011/11/16 23:39:01 | 000,014,797 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\accrestore.zip
[2011/11/16 21:47:53 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\unhide.exe
[2011/11/15 23:25:16 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/14 22:09:20 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLounge.lnk
[2011/11/14 22:09:20 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/14 22:09:20 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/11/14 22:09:20 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/14 22:09:20 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/14 22:09:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/14 22:09:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/14 22:09:20 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegClean Pro.lnk
[2011/11/14 22:09:20 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/11/14 22:09:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/11/14 22:09:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\andro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/14 22:09:19 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011/11/14 22:09:19 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/14 22:09:19 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/14 22:09:17 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/14 22:09:17 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/11/14 22:09:13 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/14 22:09:13 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/11/14 22:09:13 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/11/14 22:09:13 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011/11/14 22:09:13 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011/11/14 22:09:13 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe InDesign CS.lnk
[2011/11/14 22:09:12 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/11/14 22:09:12 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/11/14 21:56:18 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/14 21:55:47 | 000,747,008 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\RogueKiller.exe
[2011/11/11 14:18:10 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/11/11 11:15:25 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/06 15:29:32 | 009,252,277 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 08 - www.FolkoTeka.com - Ako me umiris sad.mp3
[2011/11/06 15:26:17 | 007,684,905 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 07 - www.FolkoTeka.com - Andjele.mp3
[2011/11/06 15:20:32 | 006,972,276 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 05 - www.FolkoTeka.com - Mana.mp3
[2011/11/06 15:11:37 | 007,388,161 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Vesna Zmijanac 2011 - 02 - www.FolkoTeka.com - Pevajte mi pesme.mp3
[2011/11/06 14:34:41 | 005,715,808 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Ado Gegaj 2011 - www.FolkoTeka.com - Vila srece.mp3
[2011/11/06 13:51:37 | 008,480,021 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 07 - Bivsa draga - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:49:42 | 008,917,827 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 06 - Majka - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:46:02 | 007,334,812 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 05 - Ludo ljeto - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:38:02 | 009,637,767 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 03 - Za koju cijenu si dusu prodala - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:35:02 | 009,062,013 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 02 - Pravo na ljubav - www.FolkoTeka.com - 2011.mp3
[2011/11/06 13:31:03 | 008,264,757 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\Davor Badrov - 01 - Subota je ludilo - www.FolkoTeka.com - 2011.mp3
[2011/11/04 01:39:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/03 14:04:51 | 000,013,480 | ---- | C] () -- C:\Documents and Settings\andro\Desktop\T2 Playlist 19.10.2011.m3u
[2011/04/23 14:07:51 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/23 14:07:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/03 14:18:55 | 000,467,968 | ---- | C] () -- C:\WINDOWS\VPro500.exe
[2010/12/13 15:33:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SPC610NC.ini
[2010/12/13 14:18:12 | 000,004,990 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/12/11 13:48:21 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/11 13:48:18 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/11 13:48:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/11 13:47:55 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/18 18:27:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/01/09 19:31:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2009/10/29 12:32:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/09 11:09:19 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/08/13 23:13:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/08/03 04:58:44 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2009/03/13 12:38:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/09 07:37:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2008/12/17 14:11:10 | 000,000,572 | ---- | C] () -- C:\WINDOWS\WT.INI
[2008/12/13 21:48:39 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/16 12:18:07 | 000,000,099 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/01 21:21:09 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2008/07/01 21:21:09 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2008/07/01 21:21:09 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib.dll
[2008/07/01 21:21:09 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib2.dll
[2008/07/01 21:21:09 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\pmjp.dll
[2008/07/01 21:21:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2008/07/01 21:21:09 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2008/07/01 21:21:09 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\PhotomatixLib3.dll
[2008/07/01 21:21:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2008/07/01 21:21:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2008/06/11 10:58:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/11 10:58:12 | 002,121,235 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/06/11 10:58:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/11 10:58:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/11 10:58:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/10 11:24:12 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/09 16:40:50 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/09 15:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/08 14:23:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/07 15:24:36 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\andro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/07 00:23:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/07 00:22:06 | 001,547,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/06 22:36:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/06 22:30:10 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/19 23:05:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/19 23:05:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,436,026 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,068,796 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/11/14 19:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2008/07/17 16:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/09/24 12:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2011/01/04 19:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/06/21 22:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/10/14 23:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/11/28 14:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/03/12 10:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/09/24 11:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/04/21 02:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2011/10/14 23:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2008/06/17 21:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2011/10/15 00:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/03/10 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/02/12 03:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/10/14 23:59:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2009/12/23 15:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/09/03 12:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Acoustica
[2011/11/14 22:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\adawaretb
[2011/08/05 15:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\AskToolbar
[2010/02/12 22:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Auslogics
[2011/10/14 22:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Babylon
[2011/11/10 22:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\BitTorrent
[2010/12/13 14:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Carambis
[2011/10/14 23:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Complitly
[2009/09/24 11:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DriverCure
[2011/08/18 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoft
[2011/08/15 12:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\DVDVideoSoftIEHelpers
[2011/11/10 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\GetRightToGo
[2010/06/03 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\LimeWire
[2008/06/09 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\MSNInstaller
[2009/03/12 10:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\NCH Swift Sound
[2008/10/03 12:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Opera
[2008/06/18 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Propellerhead Software
[2010/12/11 13:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\SystemRequirementsLab
[2011/10/15 01:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\Systweak
[2011/10/15 00:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andro\Application Data\TuneUp Software
[2011/11/24 13:13:22 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/11/22 15:02:14 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
[2011/10/15 01:37:43 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
[2011/11/24 04:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/11/24 13:44:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{230EEDDC-82E4-431D-A367-06967DB0A346}.job
[2011/11/24 13:43:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{430299A3-091D-4492-A6EA-F3942E2ADFC9}.job

========== Purity Check ==========



< End of report >
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The problem appears to come under the heading of system specific... Due to the infinite variations on Windows computers, sometimes it will freeze.

We need to reset your Java now, as that is how they are sneaking in.

What are your current problems?

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

  • 0

#29
Andro

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts
I deleted the older versions and installed the latest version of Java.

Otherwise the computer is running OK... I didn't get any warnings about infections since my last posted logs.

If there is anything to do next just write please!
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could run one further quick scan with Malwarebytes, dependent on the result of that and as long as you are happy I will remove my tools and tidy up :)
  • 0





