Malware dialupass.exe [Solved]


  • This topic is locked

#1
Minna87

    New Member

  • Member
  • 9 posts
Hello,

For a longer period of time, I have suspected a person of hacking into my e-mail/Facebook/MSN. The person has had physical access to my computer on several occasions. Recently, I had that suspicion confirmed when the person revealed personal information about me that he could only have known if he had indeed compromised some of the above-named social networks of mine. I have a Windows 7 32-bit operating system. I immediately ran a scan with SUPERAntiSpyware. Along with some cookies, this is what it detected:

Trojan.Agent/Gen-NetPass
ZIP ARCHIVE( C:\$RECYCLE.BIN\S-1-5-21-622140551-925052141-644574458-1000\$RT2NHQ6.ZIP )/DIALUPASS.EXE
C:\$RECYCLE.BIN\S-1-5-21-622140551-925052141-644574458-1000\$RT2NHQ6.ZIP

I read on the internet that netpass/dialupass.exe is a trojan used for stealing passwords and information. Is this correct? Is there any way of knowing whether somebody installed it on my computer or whether it was me who accidentally picked it up somewhere? The trojan was quarantined by SUPERAntiSpyware. Can I be certain that it is gone now, or are there additional steps to take? What can I do to prevent such malware from entering my computer in the first place?

Thank you so much for your time!
Emina



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Minna87 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste them to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Backdoor Trojan

Yes. The infection you found is a backdoor trojan. This could allow hackers to remotely control your computer and steal critical system information, including passwords.
I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. Also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.


Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.


Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
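Added example, not code from this thread, from OTL or from its author: a small Python triage script that parses the PRC/SRV/DRV lines the OTL scan in Step 2 produces and flags what a helper looks at first (entries whose file is missing, binaries with no company name, binaries running from temp, AppData or the Recycle Bin, and company names that advertise a crack). The line grammar is inferred from the log format and is an assumption; the sample lines are copied from the log posted later in this thread.

```python
"""Triage helper for the PRC / SRV / DRV lines in an OTL log.

Added example; it is not part of this thread, of OTL, or of any tool named in
it.  The line grammar below is inferred from the log format posted in this
thread, not from OTL documentation, so treat it as an assumption.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL prints either "[stamp] (Company) -- path" or "File not found [state] -- path",
# optionally followed by " -- (ServiceName)" on SRV/DRV lines.
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:\[[^\]]*\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[[^\]]*\])?"                      # [Auto | Running] on SRV/DRV lines
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# Places an installed service, driver or autostart binary should not run from.
SUSPICIOUS_LOCATIONS = {
    "a temp directory": re.compile(r"\\temp\\", re.I),
    "user AppData": re.compile(r"\\appdata\\", re.I),
    "the Recycle Bin": re.compile(r"\$recycle\.bin\\", re.I),
}
# Company-name fragments that mark a patched or pirated binary, not a vendor.
TAMPER_WORDS = ("crack", "keygen", "warez")


@dataclass
class Entry:
    kind: str               # PRC, SRV or DRV
    path: str
    company: Optional[str]  # None when OTL reported "File not found"
    name: Optional[str]     # service/driver name when OTL prints one
    missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; return None for headers, blanks and other sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return Entry(
        kind=m.group("kind"),
        path=m.group("path"),
        company=None if missing else m.group("company").strip(),
        name=m.group("name"),
        missing=missing,
    )


def assess(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a closer look; empty means none."""
    reasons = []
    if entry.missing:
        reasons.append("registered but file not found (orphaned or removed component)")
    elif entry.company == "":
        reasons.append("no company name (unsigned or unknown publisher)")
    elif any(word in entry.company.lower() for word in TAMPER_WORDS):
        reasons.append(f"company name suggests a tampered binary: {entry.company!r}")
    for label, pattern in SUSPICIOUS_LOCATIONS.items():
        if pattern.search(entry.path):
            reasons.append(f"runs from {label}: {entry.path}")
    return reasons


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse a whole OTL log and return only the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


# Sample input: lines copied from the OTL log posted later in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2009.04.27 09:11:54 | 002,029,640 | ---- | M] (Cracked By Wh!5t|eR) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2002.04.17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
SRV - File not found [Auto | Stopped] -- C:\Windows\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2012.08.23 13:59:56 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\korisnik\AppData\Local\Temp\7zS30EA\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2009.09.28 17:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry.kind, entry.path, "->", "; ".join(reasons))
```

A flag from this script is a prompt to look closer (check the file's signature, vendor and install history), not a verdict; a legitimate installer unpacking into Temp, as with the HP service above, will trip the location check.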

#3
Minna87

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL logfile created on: 7.11.2012 18:01:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\korisnik\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000141a | Country: Bosna i Hercegovina | Language: BSB | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 60,14% Memory free
3,49 Gb Paging File | 2,45 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 37,09 Gb Free Space | 38,02% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 58,75 Gb Free Space | 43,44% Space Free | Partition Type: NTFS

Computer Name: KORISNIK-PC | User Name: korisnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.07 17:38:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\korisnik\Desktop\OTL.exe
PRC - [2012.11.06 22:34:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012.11.06 22:34:26 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011.06.21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011.04.27 17:46:52 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.08.18 10:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 10:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.04.27 09:22:04 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.04.27 09:11:54 | 002,029,640 | ---- | M] (Cracked By Wh!5t|eR) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2002.04.17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002.04.17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.27 04:01:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\828e99a57411166ccc26d24be089ba44\System.Windows.Forms.ni.dll
MOD - [2012.09.27 04:00:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\12dc22db56f7933e84654ecc590beba5\System.Runtime.Remoting.ni.dll
MOD - [2012.09.27 04:00:14 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a0b35ba07be52485fdb6f36c2b1f880a\System.Web.ni.dll
MOD - [2012.09.27 03:59:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\502adc65e43b9d025cba1fd0bfa964a8\System.Drawing.ni.dll
MOD - [2012.09.27 03:59:01 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll
MOD - [2012.09.27 03:58:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.01.21 09:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.10 04:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.08.17 01:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2002.04.17 10:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002.04.17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2012.11.06 22:34:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.10.08 21:34:54 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.23 13:59:56 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\korisnik\AppData\Local\Temp\7zS30EA\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 23:57:19 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.12.28 20:12:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.06.21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.04.27 17:46:52 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010.01.22 01:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.08.18 10:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009.04.27 09:22:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.04.27 09:22:04 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.0)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.01 10:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.12.01 10:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.10.30 21:01:57 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.14 02:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.14 02:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.11.20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.18 17:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.09.28 17:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 11:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.04.27 09:22:12 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.04.27 09:22:08 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009.04.27 09:22:08 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.04.27 09:22:06 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.04.27 09:22:04 | 000,131,976 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bs-ba
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 9F 19 2E B4 00 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000000000000
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{BDF22A5C-1873-4802-AE49-ED1B797042E9}: "URL" = http://www.google.co...1I7DXTB_enBA476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://domredi.com/1/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
FF - prefs.js..keyword.URL: "http://search.babylo...00000000000&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\korisnik\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\korisnik\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.22 00:42:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\korisnik\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012.03.25 14:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.16 15:52:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 14:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.09.17 21:06:01 | 000,000,000 | ---D | M]

[2011.09.17 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Extensions
[2012.11.02 13:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions
[2011.12.31 13:41:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 17:06:13 | 000,021,707 | ---- | M] () (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\[email protected]
[2012.03.29 17:06:13 | 000,007,972 | ---- | M] () (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\[email protected]
[2012.04.22 01:17:05 | 000,086,809 | ---- | M] () (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\[email protected]
[2012.04.16 15:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.27 21:52:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.16 15:52:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.04.22 01:17:17 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.15 13:08:40 | 000,005,265 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pik.xml
[2012.03.15 13:08:40 | 000,001,370 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tajpi.xml
[2012.03.15 13:08:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.03.15 13:08:40 | 000,001,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bs.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Ludara.com = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahpchpggdidiaodmkpdfihbppnlpdela\1.0_0\
CHR - Extension: YouTube = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3_0\
CHR - Extension: Google pretra\u017Eivanje = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.60_0\crossrider
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.60_0\
CHR - Extension: CPDD-Blossom = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlialpgnoagkdecfaggejocpfdbommon\1.4_0\
CHR - Extension: 1Click Downloader = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: http://www.spilljack...m/casino-bonus/ = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckfghnhhicdgfbmbegfeehnaadjphco\2012.11.1.36716_0\
CHR - Extension: Gmail = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (Cracked By Wh!5t|eR)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\korisnik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Pošalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ošalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Pove&zane bilješke programa OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Pove&zane bilješke programa OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C18FA74-4D80-4988-9E2F-886A7352283D}: NameServer = 195.222.60.60 195.222.32.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A29FD984-0247-49BA-B6EE-C671D56D8AE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA70549D-2BAB-4CF9-AF3E-FBAE99B24BFC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.11.07 17:38:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\korisnik\Desktop\OTL.exe
[2012.11.06 19:51:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.06 14:57:30 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Roaming\Malwarebytes
[2012.11.06 14:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 14:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 14:57:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.06 14:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.04 22:11:37 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\SDL Trados Studio 2011 Pro SP2
[2012.11.04 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\Trados2011SP2
[2012.11.04 19:47:39 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Local\DownTango
[2012.11.04 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2012.11.04 19:30:28 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Roaming\YourFileDownloader
[2012.11.02 13:32:27 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\Muzika 2012
[2012.11.02 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\web stranica
[2012.10.17 15:58:26 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2 C:\Users\korisnik\Desktop\*.tmp files -> C:\Users\korisnik\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.07 18:09:06 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.07 18:06:06 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-622140551-925052141-644574458-1000UA.job
[2012.11.07 18:06:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-622140551-925052141-644574458-1000Core.job
[2012.11.07 17:57:47 | 005,390,336 | ---- | M] () -- C:\Users\korisnik\Desktop\Mazzy Star-Into Dust.mp3
[2012.11.07 17:38:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\korisnik\Desktop\OTL.exe
[2012.11.07 17:34:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.07 17:20:41 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 17:20:41 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 17:18:09 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012.11.07 17:17:21 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.07 17:17:21 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.07 17:13:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.07 17:12:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.07 17:12:53 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 00:30:13 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.06 00:13:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.05 11:44:28 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.11.04 22:58:36 | 000,061,782 | ---- | M] () -- C:\Users\korisnik\Desktop\10289_10151408042388066_117202102_n.jpg
[2012.11.04 19:47:25 | 000,000,014 | ---- | M] () -- C:\end
[2012.11.03 17:15:40 | 003,504,020 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04962.JPG
[2012.11.03 17:14:50 | 003,326,153 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04955.JPG
[2012.11.03 15:57:14 | 005,102,765 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04951.JPG
[2012.11.02 14:05:46 | 004,906,952 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04885.JPG
[2012.10.29 13:05:12 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2 C:\Users\korisnik\Desktop\*.tmp files -> C:\Users\korisnik\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.07 17:57:14 | 005,390,336 | ---- | C] () -- C:\Users\korisnik\Desktop\Mazzy Star-Into Dust.mp3
[2012.11.06 14:57:21 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.04 22:58:35 | 000,061,782 | ---- | C] () -- C:\Users\korisnik\Desktop\10289_10151408042388066_117202102_n.jpg
[2012.11.04 19:47:24 | 000,000,014 | ---- | C] () -- C:\end
[2012.11.03 17:13:25 | 003,504,020 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04962.JPG
[2012.11.03 17:13:24 | 005,102,765 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04951.JPG
[2012.11.03 17:13:24 | 003,326,153 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04955.JPG
[2012.11.02 16:53:07 | 004,906,952 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04885.JPG
[2012.09.28 12:38:53 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012.01.19 13:41:59 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2012.01.19 13:41:59 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011.12.31 01:32:45 | 000,005,632 | ---- | C] () -- C:\Users\korisnik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.26 00:53:50 | 000,000,000 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\log.sflog
[2011.12.04 22:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\Waverly.INI
[2011.11.07 22:12:18 | 000,000,235 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\devices.xml
[2011.11.07 22:12:18 | 000,000,012 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\settings.xml
[2011.10.09 13:57:40 | 000,033,134 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\UserTile.png
[2011.09.17 21:59:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.17 21:08:13 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.17 21:08:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.09.17 21:08:11 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.17 21:08:11 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.09.17 21:08:11 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.27 18:05:50 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.01.03 15:11:50 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Alawar Entertainment
[2011.12.25 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Alawar Stargaze
[2011.12.19 15:53:48 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Artifex Mundi
[2012.11.05 01:30:40 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Azureus
[2012.04.22 01:17:12 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Babylon
[2011.12.02 19:03:06 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Big Fish Games
[2011.12.19 18:17:11 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Blue Tea Games
[2012.10.17 15:58:26 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.25 14:38:16 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\com.w3i.FlipToast
[2011.12.31 13:41:32 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\DVDVideoSoft
[2011.12.31 13:41:19 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.17 21:48:03 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\ESET
[2011.10.27 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Foxit Software
[2012.07.03 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\FreeFileViewer
[2012.01.18 21:51:42 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Frogwares
[2012.11.07 17:21:42 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Nitro PDF
[2011.12.02 17:03:57 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\OpenCandy
[2012.03.19 23:57:22 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Passolo 2009
[2011.12.18 17:11:59 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Phantasmat_bf_se1
[2012.06.24 15:50:33 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\PhotoScape
[2012.01.28 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\PlayFirst
[2012.03.20 00:32:31 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\SDL
[2012.01.19 13:43:59 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\SolidDocuments
[2012.01.14 22:39:49 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Systenance
[2012.11.04 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:BBC9C1EB
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:664852B0
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3B454A5C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:8247A199

< End of report >

#4
Minna87
OTL Extras logfile created on: 7.11.2012 18:01:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\korisnik\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000141a | Country: Bosna i Hercegovina | Language: BSB | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 60,14% Memory free
3,49 Gb Paging File | 2,45 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 37,09 Gb Free Space | 38,02% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 58,75 Gb Free Space | 43,44% Space Free | Partition Type: NTFS

Computer Name: KORISNIK-PC | User Name: korisnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3C215A5D-0445-4139-A8CC-EC3324FFAF6F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{519A2BF3-B8D4-4E6A-A733-997B4C7D212D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{82FACF10-41AE-4DC9-8978-F29D35352CD9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97F15D9C-7462-4405-BCEA-F150F32C79A2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E5D4CB65-8F16-415A-8D28-479D1E0AFD65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{132A7CC1-CAF0-4866-A34C-6F196EF422EF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1363A4D7-9697-4EB0-9D0E-995BE7A24D98}" = protocol=17 | dir=in | app=c:\users\korisnik\appdata\local\temp\7zs240f\hpdiagnosticcoreui.exe |
"{45C382F6-C811-4FEE-9302-A0BEDE38F5C4}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{4C732EFE-D09C-4DCB-8D36-97AF10B130D5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{55D85D3E-A3A9-4573-B842-2EF0CF2CE5D5}" = protocol=17 | dir=in | app=c:\users\korisnik\appdata\local\temp\7zs3064\hppiw.exe |
"{5E7C84A2-9911-456F-86D0-A45E22F5D40B}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{61206E43-8599-42CE-A9B5-7094E6D3B227}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6537EC1D-BE52-447D-8ED2-5E2C0B496EFB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{66B4F381-2EA4-4FC7-92B7-E08CFEE42C1D}" = protocol=6 | dir=in | app=c:\users\korisnik\appdata\local\temp\7zs3064\hppiw.exe |
"{6AC38F48-BE46-4717-92C7-ECEE288ED851}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6FBE5284-A355-42F8-9E90-D5215AC4F8E0}" = protocol=6 | dir=in | app=c:\users\korisnik\appdata\local\temp\7zs240f\hpdiagnosticcoreui.exe |
"{7582B530-3C02-4D0C-A991-8AA079E4EEB3}" = protocol=17 | dir=in | app=c:\users\korisnik\appdata\local\temp\7zs30ea\hppiw.exe |
"{794B8461-4B9A-492E-9FC6-3C54EC1B8F13}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E3271F2-75A0-4C42-9DE1-AC4F9CA1139C}" = protocol=6 | dir=in | app=c:\users\korisnik\appdata\local\temp\7zs2f10\hppiw.exe |
"{80BE42B6-955A-4ADD-9AD9-DBBBBBA41C9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93CFD5C8-4259-495F-A115-7B5ACE79991F}" = protocol=6 | dir=in | app=c:\users\korisnik\appdata\local\temp\7zs30ea\hppiw.exe |
"{A21BDF04-81E9-4B7F-AB12-5B7848508C00}" = protocol=17 | dir=in | app=c:\users\korisnik\appdata\local\temp\7zs2f10\hppiw.exe |
"{A66699FF-457B-4807-83DE-6124C1EEE746}" = dir=in | app=c:\program files\file type assistant\tsassist.exe |
"{B3EA8414-9923-4F68-B5E8-0FD082812FFC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BCE30259-48C2-4AE5-9CF7-1866F2A64F02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D1ECD39B-133E-4C76-9749-E55999DC339D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{E601498D-F8C1-4CCD-8FFF-CB4B0DD65518}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E63232D9-47EA-4D19-9CD4-036E930EDECF}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{F0FBD2CF-7069-431F-91A5-3EDA2484DC94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F16A69C0-D2E9-455D-9EEB-14F0D2909971}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe |
"{F874CB48-D6D4-471F-93E3-36B2E094A41B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{FB99924C-8DFD-45D6-BC75-6C695A21055D}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{FBCDEE7E-20AE-4803-AA2D-7DB7C7B12EAD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{56C85071-8CDE-4303-BB6E-3E39E8D21EA7}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"TCP Query User{E72E7186-1AFE-4950-BF0A-66649DFDBD6B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{77C75E12-D943-4BB6-A680-EC8E6B758433}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe |
"UDP Query User{F8AC47DB-C94A-4CA2-8628-BC93E1923ED2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0F18668B-C7CE-5BC3-3878-E3DDC53EC228}" = CCC Help Greek
"{0F6D9B10-93CF-57D6-A8C6-61742B549F8C}" = CCC Help Hungarian
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11775B47-F0F5-0D99-9CCB-ADF2F7B4793B}" = CCC Help Korean
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1590A987-E170-860F-E565-FB8B3E0D5E2A}" = CCC Help Czech
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BD1DC49-0B70-0E91-B2FC-58A749838800}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java™ 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{29985347-1105-D77E-6AA0-EDC1B30906F5}" = CCC Help Thai
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5F085-B901-C43E-595C-618C2B005810}" = CCC Help Danish
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2F92F040-AEA9-59A2-4897-3313579EB777}" = Catalyst Control Center Profiles Mobile
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3917BE34-FF0E-8814-79C2-F398B9F5DC71}" = Catalyst Control Center Localization All
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{51B5FC11-B3FC-E703-1430-B02E1E0102E8}" = CCC Help Turkish
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5D6590E6-5E21-583B-4399-868589376986}" = Catalyst Control Center Graphics Previews Common
"{61B2A4A8-85BF-4C14-5052-5E314B5FDCCA}" = CCC Help German
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68DF4A5B-B921-53B6-37BE-6C5B62813DAD}" = CCC Help Swedish
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{737DCE46-824C-40BA-8776-81D9D1DB04AB}" = Catalyst Control Center - Branding
"{763DCEBA-0B72-0C7D-61CF-620CE14FC161}" = AMD VISION Engine Control Center
"{778D3250-3061-C6BD-BADB-559B8177F59F}" = CCC Help Norwegian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89465DCC-F57D-B85D-06FF-996EEBB0A17B}" = AMD Fuel
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB1C181-4D7F-2508-DD37-64A22F3BC817}" = ATI Catalyst Install Manager
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E0828BE-44C3-F051-3100-F6FAEE573D55}" = CCC Help Chinese Standard
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2010
"{90140000-0015-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-041A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Croatian) 2010
"{90140000-0015-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{A799515C-5606-410C-9F1E-4AD9AAC26874}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010
"{90140000-0016-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-041A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Croatian) 2010
"{90140000-0016-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{A799515C-5606-410C-9F1E-4AD9AAC26874}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0414-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Norwegian (Bokmål)) 2010
"{90140000-0017-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{11788EA4-1497-4A6C-AC21-FC33CB079E16}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010
"{90140000-0018-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-041A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Croatian) 2010
"{90140000-0018-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{A799515C-5606-410C-9F1E-4AD9AAC26874}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010
"{90140000-0019-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-041A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Croatian) 2010
"{90140000-0019-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{A799515C-5606-410C-9F1E-4AD9AAC26874}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010
"{90140000-001A-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-041A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Croatian) 2010
"{90140000-001A-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{A799515C-5606-410C-9F1E-4AD9AAC26874}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2010
"{90140000-001B-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-041A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Croatian) 2010
"{90140000-001B-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{A799515C-5606-410C-9F1E-4AD9AAC26874}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.nb-no_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{F3137115-1D72-46BE-9D42-B5DE61971F2A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{7466AFF9-D5F9-4184-B476-97202CC48837}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0814-0000-0000000FF1CE}_Office14.OMUI.nb-no_{751049E8-D99F-4DE1-9FC2-71DE06655678}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-081A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{404CFC48-ADF5-4BD1-A88B-9FFE981DA110}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2010
"{90140000-002C-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{66FC3637-893A-4837-A32C-0DD98E7F8444}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-041A-0000-0000000FF1CE}" = Microsoft Office Proofing (Croatian) 2010
"{90140000-002C-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{5593ED27-F7EC-4CDC-9829-70AF49BC3ABA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0414-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2010
"{90140000-0044-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-041A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Croatian) 2010
"{90140000-0044-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{A799515C-5606-410C-9F1E-4AD9AAC26874}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010
"{90140000-006E-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{C166254D-5FB6-4D3F-8509-3575387141B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-041A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Croatian) 2010
"{90140000-006E-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{3FFB4B83-F53F-43AE-A04E-DA3BA012DE96}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010
"{90140000-00A1-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-041A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Croatian) 2010
"{90140000-00A1-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{A799515C-5606-410C-9F1E-4AD9AAC26874}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0414-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Norwegian (Bokmål)) 2010
"{90140000-00BA-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-041A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Croatian) 2010
"{90140000-00BA-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{A799515C-5606-410C-9F1E-4AD9AAC26874}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0414-0000-0000000FF1CE}" = Microsoft Office O MUI (Norwegian (Bokmål)) 2010
"{90140000-0100-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{FA4B901F-C36D-40AE-940C-5FD0E4F1C15C}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0100-041A-0000-0000000FF1CE}" = Microsoft Office O MUI (Croatian) 2010
"{90140000-0100-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{69E0D222-C77C-45ED-9F44-8A9D11AF1058}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0414-0000-0000000FF1CE}" = Microsoft Office X MUI (Norwegian (Bokmål)) 2010
"{90140000-0101-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{666BFC93-A3B8-40B4-9FDF-099532531BB3}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-041A-0000-0000000FF1CE}" = Microsoft Office X MUI (Croatian) 2010
"{90140000-0101-041A-0000-0000000FF1CE}_Office14.OMUI.hr-hr_{33CD520C-9F1D-4354-A86C-36AAE376ECFA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A0049D3-078F-9470-14CE-F1E69752F512}" = CCC Help Portuguese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A53EE2F2-B7B3-B49F-B6BF-96EF8D2D9F26}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B19F4FF8-E3BA-1BB8-4F47-48D91F28C479}" = CCC Help Polish
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7CC9483-5BAF-4F14-0563-2C2674661112}" = Catalyst Control Center InstallProxy
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}" = ESET Smart Security
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCE50A92-CEDE-E2C0-5783-601A3B3DC63E}" = CCC Help Finnish
"{CD09EBBD-793E-6903-6335-642A470D0B23}" = CCC Help French
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDEC1AF0-0C66-43B2-A0FC-A82648E8D36A}" = Nitro PDF Reader 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E330ABB9-2BD8-504C-B959-26C889CC14C2}" = CCC Help Dutch
"{E3F745B0-29B9-9483-3962-A1EDD958C24E}" = CCC Help Chinese Traditional
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEE1FF07-FDE5-0EFB-45F3-0FE909C6E539}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
"{FB1F181C-3CF3-5341-59F8-2C9A78BB66C5}" = CCC Help Spanish
"{FC18AB8F-9BA3-423B-91F2-622990F57978}" = Nero 11
"{FCE18696-8A12-B6A9-9C3B-7545EB5FE5EB}" = CCC Help English
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE87C640-F24F-19C1-B63A-D349C0E2E10B}" = ccc-utility
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"DivX Setup" = DivX Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"FreeFileViewer_is1" = Free File Viewer 2011
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 bs)" = Mozilla Firefox 11.0 (x86 bs)
"Office14.OMUI.hr-hr" = Microsoft Office Language Pack 2010 - Croatian/Hrvatski
"Office14.OMUI.nb-no" = Microsoft Office Language Pack 2010 - Norwegian/norsk
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.1.11
"WBFS Manager 3.0" = WBFS Manager 3.0
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"oDVT" = oDesk Team
"RewardsArcadeSuite" = RewardsArcadeSuite
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6.11.2012 11:02:27 | Computer Name = korisnik-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 6.11.2012 11:06:35 | Computer Name = korisnik-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Nero\Nero
11\nero backitup\NBVSSTool_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6.11.2012 11:59:02 | Computer Name = korisnik-PC | Source = RasClient | ID = 20227
Description =

Error - 6.11.2012 12:00:23 | Computer Name = korisnik-PC | Source = RasClient | ID = 20227
Description =

Error - 6.11.2012 12:01:44 | Computer Name = korisnik-PC | Source = RasClient | ID = 20227
Description =

Error - 6.11.2012 12:03:05 | Computer Name = korisnik-PC | Source = RasClient | ID = 20227
Description =

Error - 6.11.2012 14:14:57 | Computer Name = korisnik-PC | Source = WinMgmt | ID = 10
Description =

Error - 6.11.2012 18:23:50 | Computer Name = korisnik-PC | Source = WinMgmt | ID = 10
Description =

Error - 7.11.2012 7:27:42 | Computer Name = korisnik-PC | Source = WinMgmt | ID = 10
Description =

Error - 7.11.2012 12:14:46 | Computer Name = korisnik-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7.11.2012 7:26:05 | Computer Name = korisnik-PC | Source = Service Control Manager | ID = 7000
Description = The Cron Service for Prey service failed to start due to the following
error: %%2

Error - 7.11.2012 7:26:18 | Computer Name = korisnik-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%2

Error - 7.11.2012 12:12:57 | Computer Name = korisnik-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 7.11.2012 12:12:57 | Computer Name = korisnik-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7.11.2012 12:13:04 | Computer Name = korisnik-PC | Source = Service Control Manager | ID = 7000
Description = The Cron Service for Prey service failed to start due to the following
error: %%2

Error - 7.11.2012 12:13:29 | Computer Name = korisnik-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.0 service failed to start due to the following error:
%%2

Error - 7.11.2012 12:21:13 | Computer Name = korisnik-PC | Source = DCOM | ID = 10016
Description =

Error - 7.11.2012 12:21:13 | Computer Name = korisnik-PC | Source = DCOM | ID = 10016
Description =

Error - 7.11.2012 12:21:13 | Computer Name = korisnik-PC | Source = DCOM | ID = 10016
Description =

Error - 7.11.2012 12:21:13 | Computer Name = korisnik-PC | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

#5 Minna87 (New Member, Topic Starter, 9 posts)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-07 20:22:30
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS723225L9A360 rev.FCDOC60D
Running: qhjdxpf9.exe; Driver: C:\Users\korisnik\AppData\Local\Temp\kxldrkod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C3EA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C784D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E609000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1232] kernel32.dll!SetUnhandledExceptionFilter 76C5F4FB 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027135e31f8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027135e31f8@e8e5d69e9718 0xF0 0xBF 0x1D 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027135e31f8@78ca04139646 0xA3 0x33 0x15 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027135e31f8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027135e31f8@e8e5d69e9718 0xF0 0xBF 0x1D 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027135e31f8@78ca04139646 0xA3 0x33 0x15 0xB0 ...
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3946189514\Groups@\xa8\xa4\xa4\xa4\xa4\xa4/ Maine Hanuma \\xa4\xa4\xa4\xa4\xa4\xa8 1

---- EOF - GMER 1.0.15 ----
  • 0

#6 Minna87 (New Member, Topic Starter, 9 posts)
These are the logs you requested. PLEASE, if you detect any spyware don't just give me instructions on how to remove it, but let me know which type you found with a short explanation for what it might have been used for. The last line in the GMER log (windows live communications something) mentions 2 words in Bosnian my boyfriend (the person I suspect is spying on me) uses. It seems strange that those words should be there. Please let me know what that means.
Thank you so much!
  • 0

#7 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Minna87,

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000000000000
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.1
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109217&babsrc=adbartrp&mntrId=ccf14000000000000000000000000000&q="
    
    :Files
    C:\Windows\tasks\At*.job
    
    :Commands
    [purity]
    [clearallrestorepoints]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0
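The Firefox prefs that the OTL fix in Step 1 rewrites can be checked directly on a copy of prefs.js. The following Python is an added example, not part of the helper's instructions or of OTL: it parses `user_pref(...)` lines from a constructed prefs.js sample that reproduces the Babylon entries seen in this thread's OTL log, and flags the search-related prefs whose engine name or search URL falls outside a small allowlist of well-known engines (the allowlist and the sample file are assumptions made for the example).

```python
import re
from urllib.parse import urlparse

# Search prefs a browser hijacker typically rewrites together; these are the
# keys the OTL fix in this thread removes.
SEARCH_PREFS = (
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
)
SEARCH_PREF_PREFIXES = ("browser.search.order.",)

# Allowlist of engines the user is expected to have (assumption for this example).
KNOWN_ENGINES = {"google", "bing", "yahoo", "duckduckgo", "wikipedia"}
KNOWN_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com"}

# One prefs.js entry: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Constructed prefs.js sample mirroring the FF lines in the OTL log above.
SAMPLE_PREFS = r'''
// Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.order.2", "Google");
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://search.babylon.com/?AF=109217&babsrc=adbartrp&mntrId=ccf14000000000000000000000000000&q=");
'''


def parse_prefs(text):
    """Return {pref_name: raw_value} for every user_pref(...) line in a prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def _unquote(raw):
    """Strip the surrounding double quotes from a string-valued pref."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return raw


def engine_name_is_known(name):
    """True if the engine's display name mentions an allowlisted engine."""
    low = name.lower()
    return any(known in low for known in KNOWN_ENGINES)


def search_url_is_known(url):
    """True if the address-bar search URL points at an allowlisted host."""
    host = (urlparse(url).hostname or "").lower()
    return host in KNOWN_HOSTS


def find_search_hijacks(text):
    """Return (pref, value, reason) for each search pref outside the allowlist."""
    findings = []
    for key, raw in parse_prefs(text).items():
        if key not in SEARCH_PREFS and not key.startswith(SEARCH_PREF_PREFIXES):
            continue
        value = _unquote(raw)
        if key == "keyword.URL":
            if not search_url_is_known(value):
                host = urlparse(value).hostname
                findings.append((key, value, "address-bar search goes to %s" % host))
        elif not engine_name_is_known(value):
            findings.append((key, value, "engine name not in allowlist"))
    return findings


if __name__ == "__main__":
    for pref, value, reason in find_search_hijacks(SAMPLE_PREFS):
        print("%-40s %s\n    %s" % (pref, reason, value))
```

Run against a real profile, point `find_search_hijacks` at the contents of the profile's prefs.js; anything it flags corresponds to an `FF - prefs.js..` line OTL would show.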

#8 Minna87 (New Member, Topic Starter, 9 posts)
OTL logfile created on: 7.11.2012 22:51:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\korisnik\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000141a | Country: Bosna i Hercegovina | Language: BSB | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 58,62% Memory free
3,49 Gb Paging File | 2,52 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 38,07 Gb Free Space | 39,02% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 58,75 Gb Free Space | 43,44% Space Free | Partition Type: NTFS

Computer Name: KORISNIK-PC | User Name: korisnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.07 17:38:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\korisnik\Desktop\OTL.exe
PRC - [2012.11.06 22:34:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012.11.06 22:34:26 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011.06.21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011.04.27 17:46:52 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.08.18 10:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 10:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009.04.27 09:22:04 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.04.27 09:11:54 | 002,029,640 | ---- | M] (Cracked By Wh!5t|eR) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2002.04.17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002.04.17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.27 15:40:36 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5d64fe923b88d30080e3f6f39684510d\WindowsFormsIntegration.ni.dll
MOD - [2012.09.27 12:06:47 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7dfba5d1d4bb05f6e4ea95ffa0f359a9\System.Core.ni.dll
MOD - [2012.09.27 04:02:43 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96a5c5331595b2dbc3a891ad1249e519\PresentationFramework.Aero.ni.dll
MOD - [2012.09.27 04:02:30 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0f59b7aebc4be73d5da020c88c72f33b\PresentationFramework.ni.dll
MOD - [2012.09.27 04:02:02 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a6fc17fd5d463a675fa6c9bb7ed1ab73\PresentationCore.ni.dll
MOD - [2012.09.27 04:01:38 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b10c18a074132f1ae4a86d860cf9615\WindowsBase.ni.dll
MOD - [2012.09.27 04:01:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\828e99a57411166ccc26d24be089ba44\System.Windows.Forms.ni.dll
MOD - [2012.09.27 04:00:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\12dc22db56f7933e84654ecc590beba5\System.Runtime.Remoting.ni.dll
MOD - [2012.09.27 04:00:14 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a0b35ba07be52485fdb6f36c2b1f880a\System.Web.ni.dll
MOD - [2012.09.27 03:59:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\502adc65e43b9d025cba1fd0bfa964a8\System.Drawing.ni.dll
MOD - [2012.09.27 03:59:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb0e4de1afd3f2efbbf39a5e39f646a\System.Xml.ni.dll
MOD - [2012.09.27 03:59:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2a5cbab122112cd4291b684e67460c16\System.Configuration.ni.dll
MOD - [2012.09.27 03:59:01 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll
MOD - [2012.09.27 03:58:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.27 17:46:56 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.04.27 17:34:46 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.03.22 18:17:54 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2011.03.14 18:16:32 | 000,024,576 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
MOD - [2010.01.21 09:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.10 04:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.08.17 01:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2002.04.17 10:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002.04.17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2012.11.06 22:34:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.10.08 21:34:54 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.23 13:59:56 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\korisnik\AppData\Local\Temp\7zS30EA\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 23:57:19 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.12.28 20:12:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.06.21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.04.27 17:46:52 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010.01.22 01:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.08.18 10:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009.04.27 09:22:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.04.27 09:22:04 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.0)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.01 10:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.12.01 10:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.10.30 21:01:57 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.14 02:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.14 02:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.11.20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.18 17:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.09.28 17:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 11:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.04.27 09:22:12 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.04.27 09:22:08 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009.04.27 09:22:08 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.04.27 09:22:06 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.04.27 09:22:04 | 000,131,976 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bs-ba
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 9F 19 2E B4 00 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{BDF22A5C-1873-4802-AE49-ED1B797042E9}: "URL" = http://www.google.co...1I7DXTB_enBA476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://domredi.com/1/"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\korisnik\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\korisnik\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.22 00:42:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\korisnik\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012.03.25 14:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.16 15:52:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 14:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.09.17 21:06:01 | 000,000,000 | ---D | M]

[2011.09.17 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Extensions
[2012.11.02 13:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions
[2011.12.31 13:41:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 17:06:13 | 000,021,707 | ---- | M] () (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\[email protected]
[2012.03.29 17:06:13 | 000,007,972 | ---- | M] () (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\[email protected]
[2012.04.22 01:17:05 | 000,086,809 | ---- | M] () (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\[email protected]
[2012.04.16 15:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.27 21:52:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.16 15:52:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.04.22 01:17:17 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.15 13:08:40 | 000,005,265 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pik.xml
[2012.03.15 13:08:40 | 000,001,370 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tajpi.xml
[2012.03.15 13:08:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.03.15 13:08:40 | 000,001,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bs.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Ludara.com = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahpchpggdidiaodmkpdfihbppnlpdela\1.0_0\
CHR - Extension: YouTube = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Google pretra\u017Eivanje = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.61_0\crossrider
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.61_0\
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.61_0\chrome-production\crossrider
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.61_0\chrome-production\
CHR - Extension: CPDD-Blossom = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlialpgnoagkdecfaggejocpfdbommon\1.4_0\
CHR - Extension: 1Click Downloader = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: http://www.spilljack...m/casino-bonus/ = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckfghnhhicdgfbmbegfeehnaadjphco\2012.11.1.36716_0\
CHR - Extension: Gmail = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (Cracked By Wh!5t|eR)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\korisnik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Pošalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ošalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Pove&zane bilješke programa OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Pove&zane bilješke programa OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C18FA74-4D80-4988-9E2F-886A7352283D}: NameServer = 195.222.60.60 195.222.32.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A29FD984-0247-49BA-B6EE-C671D56D8AE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA70549D-2BAB-4CF9-AF3E-FBAE99B24BFC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.07 22:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.07 17:38:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\korisnik\Desktop\OTL.exe
[2012.11.06 19:51:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.06 14:57:30 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Roaming\Malwarebytes
[2012.11.06 14:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 14:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 14:57:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.06 14:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.04 22:11:37 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\SDL Trados Studio 2011 Pro SP2
[2012.11.04 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\Trados2011SP2
[2012.11.04 19:47:39 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Local\DownTango
[2012.11.04 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2012.11.04 19:30:28 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Roaming\YourFileDownloader
[2012.11.02 13:32:27 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\Muzika 2012
[2012.11.02 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\web stranica
[2012.10.17 15:58:26 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2 C:\Users\korisnik\Desktop\*.tmp files -> C:\Users\korisnik\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.07 23:15:41 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-622140551-925052141-644574458-1000UA.job
[2012.11.07 23:09:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.07 22:55:27 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 22:55:27 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 22:52:49 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.07 22:52:49 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.07 22:48:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.07 22:48:03 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012.11.07 22:47:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.07 22:47:52 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 22:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.07 19:07:12 | 000,302,592 | ---- | M] () -- C:\qhjdxpf9.exe
[2012.11.07 18:06:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-622140551-925052141-644574458-1000Core.job
[2012.11.07 17:57:47 | 005,390,336 | ---- | M] () -- C:\Users\korisnik\Desktop\Mazzy Star-Into Dust.mp3
[2012.11.07 17:38:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\korisnik\Desktop\OTL.exe
[2012.11.07 00:30:13 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.06 00:13:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.05 11:44:28 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.11.04 22:58:36 | 000,061,782 | ---- | M] () -- C:\Users\korisnik\Desktop\10289_10151408042388066_117202102_n.jpg
[2012.11.04 19:47:25 | 000,000,014 | ---- | M] () -- C:\end
[2012.11.03 17:15:40 | 003,504,020 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04962.JPG
[2012.11.03 17:14:50 | 003,326,153 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04955.JPG
[2012.11.03 15:57:14 | 005,102,765 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04951.JPG
[2012.11.02 14:05:46 | 004,906,952 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04885.JPG
[2 C:\Users\korisnik\Desktop\*.tmp files -> C:\Users\korisnik\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.07 19:07:05 | 000,302,592 | ---- | C] () -- C:\qhjdxpf9.exe
[2012.11.07 17:57:14 | 005,390,336 | ---- | C] () -- C:\Users\korisnik\Desktop\Mazzy Star-Into Dust.mp3
[2012.11.06 14:57:21 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.04 22:58:35 | 000,061,782 | ---- | C] () -- C:\Users\korisnik\Desktop\10289_10151408042388066_117202102_n.jpg
[2012.11.04 19:47:24 | 000,000,014 | ---- | C] () -- C:\end
[2012.11.03 17:13:25 | 003,504,020 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04962.JPG
[2012.11.03 17:13:24 | 005,102,765 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04951.JPG
[2012.11.03 17:13:24 | 003,326,153 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04955.JPG
[2012.11.02 16:53:07 | 004,906,952 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04885.JPG
[2012.09.28 12:38:53 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012.01.19 13:41:59 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2012.01.19 13:41:59 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011.12.31 01:32:45 | 000,005,632 | ---- | C] () -- C:\Users\korisnik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.26 00:53:50 | 000,000,000 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\log.sflog
[2011.12.04 22:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\Waverly.INI
[2011.11.07 22:12:18 | 000,000,235 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\devices.xml
[2011.11.07 22:12:18 | 000,000,012 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\settings.xml
[2011.10.09 13:57:40 | 000,033,134 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\UserTile.png
[2011.09.17 21:59:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.17 21:08:13 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.17 21:08:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.09.17 21:08:11 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.17 21:08:11 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.09.17 21:08:11 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.27 18:05:50 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.01.03 15:11:50 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Alawar Entertainment
[2011.12.25 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Alawar Stargaze
[2011.12.19 15:53:48 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Artifex Mundi
[2012.11.05 01:30:40 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Azureus
[2012.04.22 01:17:12 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Babylon
[2011.12.02 19:03:06 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Big Fish Games
[2011.12.19 18:17:11 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Blue Tea Games
[2012.10.17 15:58:26 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.25 14:38:16 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\com.w3i.FlipToast
[2011.12.31 13:41:32 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\DVDVideoSoft
[2011.12.31 13:41:19 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.17 21:48:03 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\ESET
[2011.10.27 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Foxit Software
[2012.07.03 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\FreeFileViewer
[2012.01.18 21:51:42 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Frogwares
[2012.11.07 17:21:42 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Nitro PDF
[2011.12.02 17:03:57 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\OpenCandy
[2012.03.19 23:57:22 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Passolo 2009
[2011.12.18 17:11:59 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Phantasmat_bf_se1
[2012.06.24 15:50:33 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\PhotoScape
[2012.01.28 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\PlayFirst
[2012.03.20 00:32:31 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\SDL
[2012.01.19 13:43:59 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\SolidDocuments
[2012.01.14 22:39:49 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Systenance
[2012.11.04 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:BBC9C1EB
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:664852B0
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3B454A5C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:8247A199

< End of report >

#9
Minna87

    New Member

  • Topic Starter
  • Member
  • 9 posts
I also ran the Kaspersky Virus Removal Tool as you told me. There were many password protected files it could not scan, but the end result was:
Scan of 727541 objects completed,
no threats detected.

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Minna87,

You made a mistake in Step 1. You must click the Run Fix button, not Run Scan. Please do it again and post the log here for me.

#11
Minna87

    New Member

  • Topic Starter
  • Member
  • 9 posts
I think I did it correctly, because I read and follow everything you write CAREFULLY. But I have repeated it: I copied the text into the Custom Scans/Fixes box, clicked Run Fix, restarted when the computer asked me to, and then ran an OTL 'quick scan'. This is the log:

OTL logfile created on: 8.11.2012 13:15:43 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\korisnik\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000141a | Country: Bosna i Hercegovina | Language: BSB | Date Format: d.M.yyyy

1,75 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 61,21% Memory free
3,49 Gb Paging File | 2,65 Gb Available in Paging File | 75,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 37,10 Gb Free Space | 38,02% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 58,75 Gb Free Space | 43,44% Space Free | Partition Type: NTFS

Computer Name: KORISNIK-PC | User Name: korisnik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.07 17:38:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\korisnik\Desktop\OTL.exe
PRC - [2012.11.06 22:34:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012.11.06 22:34:26 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2011.06.21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2011.04.27 17:46:52 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.08.18 10:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 10:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.04.27 09:22:04 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.04.27 09:11:54 | 002,029,640 | ---- | M] (Cracked By Wh!5t|eR) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2002.04.17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002.04.17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2012.09.27 04:02:30 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0f59b7aebc4be73d5da020c88c72f33b\PresentationFramework.ni.dll
MOD - [2012.09.27 04:02:02 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a6fc17fd5d463a675fa6c9bb7ed1ab73\PresentationCore.ni.dll
MOD - [2012.09.27 04:01:38 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b10c18a074132f1ae4a86d860cf9615\WindowsBase.ni.dll
MOD - [2012.09.27 04:01:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\828e99a57411166ccc26d24be089ba44\System.Windows.Forms.ni.dll
MOD - [2012.09.27 04:00:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\12dc22db56f7933e84654ecc590beba5\System.Runtime.Remoting.ni.dll
MOD - [2012.09.27 04:00:14 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a0b35ba07be52485fdb6f36c2b1f880a\System.Web.ni.dll
MOD - [2012.09.27 03:59:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\502adc65e43b9d025cba1fd0bfa964a8\System.Drawing.ni.dll
MOD - [2012.09.27 03:59:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb0e4de1afd3f2efbbf39a5e39f646a\System.Xml.ni.dll
MOD - [2012.09.27 03:59:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2a5cbab122112cd4291b684e67460c16\System.Configuration.ni.dll
MOD - [2012.09.27 03:59:01 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll
MOD - [2012.09.27 03:58:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.27 17:46:56 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.04.27 17:34:46 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.03.22 18:17:54 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2011.03.14 18:16:32 | 000,024,576 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
MOD - [2010.01.21 09:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.10 04:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2002.04.17 10:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002.04.17 10:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2012.11.06 22:34:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.10.08 21:34:54 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.23 13:59:56 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\korisnik\AppData\Local\Temp\7zS30EA\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 23:57:19 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.12.28 20:12:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.06.21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.04.27 17:46:52 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2010.01.22 01:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.08.18 10:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009.04.27 09:22:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.04.27 09:22:04 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.0)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.01 10:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.12.01 10:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.10.30 21:01:57 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.14 02:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.14 02:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.11.20 22:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.02.18 17:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.09.28 17:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 11:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.04.27 09:22:12 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009.04.27 09:22:08 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2009.04.27 09:22:08 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.04.27 09:22:06 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.04.27 09:22:04 | 000,131,976 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bs-ba
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 9F 19 2E B4 00 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{BDF22A5C-1873-4802-AE49-ED1B797042E9}: "URL" = http://www.google.co...1I7DXTB_enBA476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://domredi.com/1/"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\korisnik\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\korisnik\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.22 00:42:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\korisnik\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012.03.25 14:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.16 15:52:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 14:17:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.09.17 21:06:01 | 000,000,000 | ---D | M]

[2011.09.17 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Extensions
[2012.11.02 13:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions
[2011.12.31 13:41:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 17:06:13 | 000,021,707 | ---- | M] () (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\[email protected]
[2012.03.29 17:06:13 | 000,007,972 | ---- | M] () (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\[email protected]
[2012.04.22 01:17:05 | 000,086,809 | ---- | M] () (No name found) -- C:\Users\korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\34vlqdvb.default\extensions\[email protected]
[2012.04.16 15:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.27 21:52:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.16 15:52:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.04.22 01:17:17 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.15 13:08:40 | 000,005,265 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pik.xml
[2012.03.15 13:08:40 | 000,001,370 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tajpi.xml
[2012.03.15 13:08:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.03.15 13:08:40 | 000,001,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-bs.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\korisnik\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Ludara.com = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahpchpggdidiaodmkpdfihbppnlpdela\1.0_0\
CHR - Extension: YouTube = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Google pretra\u017Eivanje = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.61_0\crossrider
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.61_0\
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.61_0\chrome-production\crossrider
CHR - Extension: RewardsArcade Suite = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.20.61_0\chrome-production\
CHR - Extension: CPDD-Blossom = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlialpgnoagkdecfaggejocpfdbommon\1.4_0\
CHR - Extension: 1Click Downloader = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: http://www.spilljack...m/casino-bonus/ = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pckfghnhhicdgfbmbegfeehnaadjphco\2012.11.1.36716_0\
CHR - Extension: Gmail = C:\Users\korisnik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (Cracked By Wh!5t|eR)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\korisnik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Pošalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : P&ošalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Pove&zane bilješke programa OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Pove&zane bilješke programa OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A29FD984-0247-49BA-B6EE-C671D56D8AE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA70549D-2BAB-4CF9-AF3E-FBAE99B24BFC}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.07 23:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.11.07 22:46:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.07 17:38:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\korisnik\Desktop\OTL.exe
[2012.11.06 19:51:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.06 14:57:30 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Roaming\Malwarebytes
[2012.11.06 14:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 14:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 14:57:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.06 14:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.04 22:11:37 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\SDL Trados Studio 2011 Pro SP2
[2012.11.04 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\Trados2011SP2
[2012.11.04 19:47:39 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Local\DownTango
[2012.11.04 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2012.11.04 19:30:28 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Roaming\YourFileDownloader
[2012.11.02 13:32:27 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\Muzika 2012
[2012.11.02 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\korisnik\Desktop\web stranica
[2012.10.17 15:58:26 | 000,000,000 | ---D | C] -- C:\Users\korisnik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2 C:\Users\korisnik\Desktop\*.tmp files -> C:\Users\korisnik\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.08 13:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.08 13:21:20 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.08 13:21:20 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.08 13:18:13 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.08 13:18:13 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.08 13:14:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.08 13:14:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012.11.08 13:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.08 13:13:49 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.08 13:09:05 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.08 13:06:04 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-622140551-925052141-644574458-1000UA.job
[2012.11.07 19:07:12 | 000,302,592 | ---- | M] () -- C:\qhjdxpf9.exe
[2012.11.07 18:06:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-622140551-925052141-644574458-1000Core.job
[2012.11.07 17:57:47 | 005,390,336 | ---- | M] () -- C:\Users\korisnik\Desktop\Mazzy Star-Into Dust.mp3
[2012.11.07 17:38:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\korisnik\Desktop\OTL.exe
[2012.11.07 00:30:13 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.06 00:13:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.05 11:44:28 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.11.04 22:58:36 | 000,061,782 | ---- | M] () -- C:\Users\korisnik\Desktop\10289_10151408042388066_117202102_n.jpg
[2012.11.04 19:47:25 | 000,000,014 | ---- | M] () -- C:\end
[2012.11.03 17:15:40 | 003,504,020 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04962.JPG
[2012.11.03 17:14:50 | 003,326,153 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04955.JPG
[2012.11.03 15:57:14 | 005,102,765 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04951.JPG
[2012.11.02 14:05:46 | 004,906,952 | ---- | M] () -- C:\Users\korisnik\Desktop\DSC04885.JPG
[2 C:\Users\korisnik\Desktop\*.tmp files -> C:\Users\korisnik\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.07 19:07:05 | 000,302,592 | ---- | C] () -- C:\qhjdxpf9.exe
[2012.11.07 17:57:14 | 005,390,336 | ---- | C] () -- C:\Users\korisnik\Desktop\Mazzy Star-Into Dust.mp3
[2012.11.06 14:57:21 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.04 22:58:35 | 000,061,782 | ---- | C] () -- C:\Users\korisnik\Desktop\10289_10151408042388066_117202102_n.jpg
[2012.11.04 19:47:24 | 000,000,014 | ---- | C] () -- C:\end
[2012.11.03 17:13:25 | 003,504,020 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04962.JPG
[2012.11.03 17:13:24 | 005,102,765 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04951.JPG
[2012.11.03 17:13:24 | 003,326,153 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04955.JPG
[2012.11.02 16:53:07 | 004,906,952 | ---- | C] () -- C:\Users\korisnik\Desktop\DSC04885.JPG
[2012.09.28 12:38:53 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012.01.19 13:41:59 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2012.01.19 13:41:59 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011.12.31 01:32:45 | 000,005,632 | ---- | C] () -- C:\Users\korisnik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.26 00:53:50 | 000,000,000 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\log.sflog
[2011.12.04 22:08:14 | 000,000,000 | ---- | C] () -- C:\Windows\Waverly.INI
[2011.11.07 22:12:18 | 000,000,235 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\devices.xml
[2011.11.07 22:12:18 | 000,000,012 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\settings.xml
[2011.10.09 13:57:40 | 000,033,134 | ---- | C] () -- C:\Users\korisnik\AppData\Roaming\UserTile.png
[2011.09.17 21:59:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.17 21:08:13 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.09.17 21:08:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.09.17 21:08:11 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.17 21:08:11 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.09.17 21:08:11 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.27 18:05:50 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.01.03 15:11:50 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Alawar Entertainment
[2011.12.25 20:59:51 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Alawar Stargaze
[2011.12.19 15:53:48 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Artifex Mundi
[2012.11.05 01:30:40 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Azureus
[2012.04.22 01:17:12 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Babylon
[2011.12.02 19:03:06 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Big Fish Games
[2011.12.19 18:17:11 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Blue Tea Games
[2012.10.17 15:58:26 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.25 14:38:16 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\com.w3i.FlipToast
[2011.12.31 13:41:32 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\DVDVideoSoft
[2011.12.31 13:41:19 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.17 21:48:03 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\ESET
[2011.10.27 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Foxit Software
[2012.07.03 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\FreeFileViewer
[2012.01.18 21:51:42 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Frogwares
[2012.11.07 17:21:42 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Nitro PDF
[2011.12.02 17:03:57 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\OpenCandy
[2012.03.19 23:57:22 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Passolo 2009
[2011.12.18 17:11:59 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Phantasmat_bf_se1
[2012.06.24 15:50:33 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\PhotoScape
[2012.01.28 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\PlayFirst
[2012.03.20 00:32:31 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\SDL
[2012.01.19 13:43:59 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\SolidDocuments
[2012.01.14 22:39:49 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\Systenance
[2012.11.04 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\korisnik\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:BBC9C1EB
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:0BBF232A
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:664852B0
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3B454A5C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:8247A199

< End of report >
  • 0

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Time for checkup. How is your system now? Any problems?
  • 0

#13
Minna87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
No, at least not that I notice :)
  • 0

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





