OTL logfile created on: 5.4.2013 5:09:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000141A | Country: Bosnia and Herzegovina | Language: BSB | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,79% Memory free
25,80 Gb Paging File | 25,08 Gb Available in Paging File | 97,22% Paging File free
Paging file location(s): C:\pagefile.sys 8192 8192D:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,10 Gb Total Space | 249,68 Gb Free Space | 83,76% Space Free | Partition Type: NTFS
Drive D: | 1183,65 Gb Total Space | 564,38 Gb Free Space | 47,68% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 442,51 Gb Free Space | 47,50% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: PC1 | User Name: Shady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013.04.05 05:09:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\My Documents\Downloads\OTL.exe
PRC - [2013.03.22 00:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013.03.11 18:00:47 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013.03.06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013.02.18 06:02:06 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.02.13 20:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.02.13 20:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.01.08 23:05:26 | 001,159,168 | ---- | M] (RME) -- C:\WINDOWS\system32\hdspmix.exe
PRC - [2013.01.08 23:05:06 | 000,648,192 | ---- | M] (RME) -- C:\WINDOWS\system32\hdsp32.exe
PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.08.18 14:25:10 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\NOD32 Antivirus\ekrn.exe
PRC - [2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.11 05:59:40 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2006.05.11 12:47:24 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.05.11 12:46:54 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005.10.03 00:00:00 | 000,313,185 | ---- | M] (H2O) -- C:\Program Files\WIBUKEY\H2O\CXWibu.exe
PRC - [2005.02.15 19:35:04 | 000,151,552 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013.03.22 00:50:33 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll
MOD - [2013.03.22 00:50:32 | 012,662,224 | ---- | M] () -- C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
MOD - [2013.03.22 00:50:31 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013.03.22 00:49:38 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2013.03.06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2013.02.17 15:04:04 | 000,036,352 | ---- | M] () -- C:\WINDOWS\system32\iifcBtUo.dll
MOD - [2008.04.14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\ups.exe -- (UPS)
SRV - File not found [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.03.27 22:59:22 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.11 18:00:47 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.03.07 16:30:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.08.18 14:30:58 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008.08.18 14:25:10 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2006.12.19 16:53:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.05.11 12:46:54 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2005.02.15 19:35:04 | 000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2003.07.22 11:17:30 | 000,090,112 | R--- | M] (Intracom S.A.) [Disabled | Stopped] -- C:\WINDOWS\nMtsk.exe -- (nMtskService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nvhda32.sys -- (NVHDA)
DRV - File not found [Kernel | Auto | Stopped] -- -- (Nsynas32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\fsRamDsk.sys -- (fsRamDsk)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\fcdabus.sys -- (fcdabus)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\emupia2k.sys -- (emupia)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTSBLFX.SYS -- (CTSBLFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTERFXFX.SYS -- (CTERFXFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEDSPSY.SYS -- (CTEDSPSY.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTEDSPSY.SYS -- (CTEDSPSY)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEDSPIO.SYS -- (CTEDSPIO.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTEDSPIO.SYS -- (CTEDSPIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEDSPFX.SYS -- (CTEDSPFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTEDSPFX.SYS -- (CTEDSPFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEAPSFX.SYS -- (CTEAPSFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTEAPSFX.SYS -- (CTEAPSFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTAUDFX.SYS -- (CTAUDFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\ctac32k.sys -- (ctac32k)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CT20XUT.SYS -- (CT20XUT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\COMMONFX.SYS -- (COMMONFX)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.02.05 18:52:46 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2013.01.31 10:19:34 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2013.01.31 10:19:34 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2013.01.31 10:19:34 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2013.01.31 10:19:34 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2013.01.31 10:19:34 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2013.01.08 23:05:12 | 000,070,144 | ---- | M] (RME) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdsp.sys -- (hdsp)
DRV - [2012.10.17 06:28:06 | 000,090,368 | ---- | M] (Universal Audio Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UAD2System.sys -- (UAD2System)
DRV - [2012.10.17 06:28:06 | 000,038,016 | ---- | M] (Universal Audio Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UAD2Pcie.sys -- (UAD2Pcie)
DRV - [2012.07.08 16:57:27 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2012.07.04 08:54:32 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012.05.14 08:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2009.08.25 18:00:56 | 001,347,584 | ---- | M] (Universal Audio, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hypaudio.sys -- (hypaudio)
DRV - [2009.08.25 17:59:00 | 000,164,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hypkern.sys -- (hypkern)
DRV - [2009.08.07 15:34:52 | 000,017,920 | ---- | M] (CEntrance, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ceusbaud.sys -- (CEUSBAUD)
DRV - [2008.09.16 17:16:02 | 000,077,312 | ---- | M] (TC Electronic A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCore.sys -- (Powercore)
DRV - [2008.08.18 14:27:42 | 000,034,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008.08.18 14:19:26 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008.08.18 14:18:26 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.08.14 21:36:35 | 000,211,520 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2008.08.14 21:36:35 | 000,028,896 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.08.14 21:36:33 | 000,082,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2008.03.20 18:57:26 | 000,015,896 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2008.03.20 18:52:50 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008.03.20 18:51:56 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008.02.05 15:07:05 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007.08.30 03:41:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007.03.24 11:20:24 | 000,046,208 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006.03.17 18:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006.02.07 20:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2005.12.22 04:22:20 | 000,005,685 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005.12.15 20:42:12 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2005.11.03 13:17:34 | 000,016,896 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2005.10.03 00:00:00 | 000,070,144 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wibukey.sys -- (WIBUKEY)
DRV - [2005.10.03 00:00:00 | 000,007,040 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\WIBUKEY\H2O\cxwibu.sys -- (cxwibu)
DRV - [2005.05.09 21:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.11.27 12:03:46 | 000,061,648 | R--- | M] (Intracom S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nMUSB.sys -- (netModUSBService)
DRV - [2002.09.25 19:02:28 | 000,023,392 | R--- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbks1x1.sys -- (USBKS1X1)
DRV - [2002.09.25 19:02:28 | 000,015,740 | R--- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2002.09.25 19:02:28 | 000,005,664 | R--- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbmidim.sys -- (USBMIDIM)
DRV - [2001.04.20 14:27:12 | 000,056,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\tpkd.sys -- (TPkd)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN39927958161665428&ctid=CT3176921
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=968
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3176921&CUI=UN39927958161665428
IE - HKCU\..\SearchScopes\{DE66F866-B092-420F-90DB-56F4A7D1E9F2}: "URL" = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=453
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..CT3176921.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "express-files Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=3&q={searchTerms}&CUI=UN64030814914541130"
FF - prefs.js..browser.search.selectedEngine: "express-files Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B88ac3cb6-596b-4217-964c-b6757ef9602d%7D:10.15.0.562
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Shady\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Shady\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Shady\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.03.13 19:10:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.03.13 19:10:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 18:02:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.13 19:09:49 | 000,000,000 | ---D | M]

[2013.01.07 03:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shady\Application Data\Mozilla\Extensions
[2012.08.08 03:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shady\Application Data\Mozilla\Firefox\extensions
[2012.08.08 03:55:43 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Documents and Settings\Shady\Application Data\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2013.03.27 22:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Shady\Application Data\Mozilla\Firefox\Profiles\fmhcmxpo.default\extensions
[2013.03.27 22:46:14 | 000,000,000 | ---D | M] (express-files) -- C:\Documents and Settings\Shady\Application Data\Mozilla\Firefox\Profiles\fmhcmxpo.default\extensions\{88ac3cb6-596b-4217-964c-b6757ef9602d}
[2013.03.14 23:08:37 | 000,011,510 | ---- | M] () (No name found) -- C:\Documents and Settings\Shady\Application Data\Mozilla\Firefox\Profiles\fmhcmxpo.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.02.25 04:10:06 | 000,001,082 | ---- | M] () -- C:\Documents and Settings\Shady\Application Data\Mozilla\Firefox\Profiles\fmhcmxpo.default\searchplugins\express-files-customized-web-search.xml
[2013.02.13 21:13:31 | 000,002,060 | ---- | M] () -- C:\Documents and Settings\Shady\Application Data\Mozilla\Firefox\Profiles\fmhcmxpo.default\searchplugins\softonic.xml
[2013.03.11 18:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.07 16:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.13 19:09:45 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013.03.07 16:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh\10.14.40.128_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iibmmjhgclhlahmjniokmhleigemjpbh\10.14.40.128_0\plugins/np-cwmp.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Shady\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Shady\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: BullGuard Antivirus Plugin for Mozilla (Enabled) = C:\Program Files\BullGuard Ltd\BullGuard Online Scanner\npbgscanner.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Shady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007.08.06 05:15:19 | 000,000,803 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Reg Error: Value error.) - {47080957-7903-41FC-B655-CEBA0A65E64A} - C:\WINDOWS\system32\iifcBtUo.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [H2OWIBU] C:\Program Files\WIBUKEY\H2O\CXWibu.exe (H2O)
O4 - HKLM..\Run: [HDSPTray1] C:\WINDOWS\System32\hdsp32.exe (RME)
O4 - HKLM..\Run: [HDSPTray2] C:\WINDOWS\System32\hdspmix.exe (RME)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108815
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 1
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231879734375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341725534046 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F15902E-71F8-4E8D-AE55-A1A3CD874F41}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\iifcBtUo: DllName - (iifcBtUo.dll) - C:\WINDOWS\System32\iifcBtUo.dll () O28 - HKLM ShellExecuteHooks: {47080957-7903-41FC-B655-CEBA0A65E64A} - C:\WINDOWS\system32\iifcBtUo.dll () O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{03cd2a3b-de82-11dd-8b76-a5ecabd2d5f3}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{03cd2a3b-de82-11dd-8b76-a5ecabd2d5f3}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{03cd2a3b-de82-11dd-8b76-a5ecabd2d5f3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O33 - MountPoints2\{072c4a5e-042c-11dc-aa08-8b4d372feb63}\Shell\AutoRun\command - "" = G:\RavMon.exe O33 - MountPoints2\{072c4a5e-042c-11dc-aa08-8b4d372feb63}\Shell\explore\Command - "" = G:\RavMon.exe -e O33 - MountPoints2\{072c4a5e-042c-11dc-aa08-8b4d372feb63}\Shell\open\Command - "" = G:\RavMon.exe O33 - MountPoints2\{2d27c116-2a66-11dd-8d5d-e581087b06e0}\Shell\AutoRun\command - "" = N:\RavMon.exe O33 - MountPoints2\{2d27c116-2a66-11dd-8d5d-e581087b06e0}\Shell\explore\Command - "" = N:\RavMon.exe -e O33 - MountPoints2\{2d27c116-2a66-11dd-8d5d-e581087b06e0}\Shell\open\Command - "" = N:\RavMon.exe O33 - MountPoints2\{311f7b76-28cb-11de-8c47-fc5715fccc2a}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{311f7b76-28cb-11de-8c47-fc5715fccc2a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{311f7b76-28cb-11de-8c47-fc5715fccc2a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O33 - MountPoints2\{35e41801-c5e0-11e1-b324-0018f38b6dc8}\Shell\AutoRun\command - "" = J:\RavMon.exe O33 - MountPoints2\{35e41801-c5e0-11e1-b324-0018f38b6dc8}\Shell\explore\Command - "" = J:\RavMon.exe -e O33 - MountPoints2\{35e41801-c5e0-11e1-b324-0018f38b6dc8}\Shell\open\Command - "" = J:\RavMon.exe O33 - 
MountPoints2\{35e41807-c5e0-11e1-b324-0018f38b6dc8}\Shell\AutoRun\command - "" = J:\RavMon.exe O33 - MountPoints2\{35e41807-c5e0-11e1-b324-0018f38b6dc8}\Shell\explore\Command - "" = J:\RavMon.exe -e O33 - MountPoints2\{35e41807-c5e0-11e1-b324-0018f38b6dc8}\Shell\open\Command - "" = J:\RavMon.exe O33 - MountPoints2\{39ebd5cd-de9f-11dd-8b77-bf1e61182bbd}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{39ebd5cd-de9f-11dd-8b77-bf1e61182bbd}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{39ebd5cd-de9f-11dd-8b77-bf1e61182bbd}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O33 - MountPoints2\{4bc0f8f5-03c6-11df-8d12-0018f38b6dc8}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{4bc0f8f5-03c6-11df-8d12-0018f38b6dc8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4bc0f8f5-03c6-11df-8d12-0018f38b6dc8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O33 - MountPoints2\{4bc0f8f8-03c6-11df-8d12-0018f38b6dc8}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{4bc0f8f8-03c6-11df-8d12-0018f38b6dc8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4bc0f8f8-03c6-11df-8d12-0018f38b6dc8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O33 - MountPoints2\{70b19c03-c020-11e1-b314-0018f38b6dc8}\Shell\AutoRun\command - "" = J:\RavMon.exe O33 - MountPoints2\{70b19c03-c020-11e1-b314-0018f38b6dc8}\Shell\explore\Command - "" = J:\RavMon.exe -e O33 - MountPoints2\{70b19c03-c020-11e1-b314-0018f38b6dc8}\Shell\open\Command - "" = J:\RavMon.exe O33 - MountPoints2\{9944bbe1-0c1e-11df-8d1c-0018f38b6dc8}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{9944bbe1-0c1e-11df-8d1c-0018f38b6dc8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9944bbe1-0c1e-11df-8d1c-0018f38b6dc8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O33 - 
MountPoints2\{9944bbe8-0c1e-11df-8d1c-0018f38b6dc8}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{9944bbe8-0c1e-11df-8d1c-0018f38b6dc8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9944bbe8-0c1e-11df-8d1c-0018f38b6dc8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O33 - MountPoints2\{9944bbeb-0c1e-11df-8d1c-0018f38b6dc8}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{9944bbeb-0c1e-11df-8d1c-0018f38b6dc8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9944bbeb-0c1e-11df-8d1c-0018f38b6dc8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O33 - MountPoints2\{a7461f94-e3c4-11dd-8b9d-0018f38b6dc8}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{a7461f94-e3c4-11dd-8b9d-0018f38b6dc8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a7461f94-e3c4-11dd-8b9d-0018f38b6dc8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O33 - MountPoints2\{c37e3c39-ebfa-11de-8cf5-0018f38b6dc8}\Shell\Auto\command - "" = fun.xls.exe O33 - MountPoints2\{c37e3c39-ebfa-11de-8cf5-0018f38b6dc8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c37e3c39-ebfa-11de-8cf5-0018f38b6dc8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013.04.05 05:10:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Shady\Desktop\OTL.exe [2013.04.05 04:41:14 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\All Users\Documents\CrashDump [2013.04.05 01:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerCore [2013.04.05 00:58:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2013.04.05 00:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TC Electronic [2013.04.05 00:46:06 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll [2013.04.05 00:46:06 | 000,077,312 | ---- | C] (TC Electronic A/S) -- C:\WINDOWS\System32\drivers\PCore.sys [2013.04.05 00:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Noveltech [2013.04.05 00:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TC Electronic [2013.04.05 00:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Tube-Tech [2013.04.05 00:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\TC Helicon [2013.04.03 15:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Local Settings\Application Data\Nero [2013.04.01 14:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio [2013.03.30 22:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\TC Electronic [2013.03.30 18:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mafia 2 [2013.03.30 05:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2013.03.30 01:42:56 | 001,253,376 | ---- | C] (TC Electronic A/S) -- C:\WINDOWS\System32\PCore.exe [2013.03.30 01:42:56 | 000,122,880 | ---- | C] (TC Electronic A/S) -- C:\WINDOWS\System32\PCore.cpl [2013.03.30 01:42:56 | 000,010,752 | ---- | C] (TC Electronic) -- C:\WINDOWS\System32\pcore_co.dll [2013.03.30 01:42:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\TCPoCoALLdrivers [2013.03.28 00:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\Po Co [2013.03.27 22:52:28 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Shady\Local Settings\Application Data\2K Games [2013.03.19 14:38:14 | 000,000,000 | ---D | C] -- e:\My Documents\Pjesme [2013.03.19 01:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\za FB [2013.03.18 02:13:30 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll [2013.03.18 02:13:30 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll [2013.03.18 02:13:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll [2013.03.18 02:13:29 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll [2013.03.18 02:13:28 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll [2013.03.18 02:13:28 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll [2013.03.18 02:13:27 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll [2013.03.18 02:13:26 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll [2013.03.18 02:13:26 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll [2013.03.18 02:13:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll [2013.03.18 02:13:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll [2013.03.18 02:13:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll [2013.03.18 02:13:24 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll [2013.03.18 02:13:23 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll [2013.03.18 02:13:23 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll [2013.03.18 02:13:22 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll 
[2013.03.18 02:13:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll [2013.03.18 02:13:21 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll [2013.03.18 02:13:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll [2013.03.18 02:13:20 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll [2013.03.18 02:13:20 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll [2013.03.18 02:13:19 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll [2013.03.18 02:13:18 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll [2013.03.18 02:13:18 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll [2013.03.18 02:13:18 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll [2013.03.18 02:13:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll [2013.03.18 02:13:16 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll [2013.03.18 02:13:16 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll [2013.03.18 02:13:16 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2013.03.18 02:13:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll [2013.03.18 02:13:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll [2013.03.18 02:13:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll [2013.03.18 02:13:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll [2013.03.18 02:13:13 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll [2013.03.18 02:13:13 | 000,238,088 | 
---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll [2013.03.18 02:13:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll [2013.03.18 02:13:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll [2013.03.18 02:13:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2013.03.18 02:13:11 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll [2013.03.18 02:13:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll [2013.03.18 02:13:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll [2013.03.18 02:13:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll [2013.03.18 02:13:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll [2013.03.18 02:13:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2013.03.18 02:13:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll [2013.03.18 02:13:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll [2013.03.18 02:13:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll [2013.03.18 02:13:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll [2013.03.18 02:13:06 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll [2013.03.18 02:13:06 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2013.03.18 02:13:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll [2013.03.18 02:13:05 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2013.03.18 02:12:32 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\Logs [2013.03.18 02:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\DirectX [2013.03.18 02:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI [2013.03.18 02:04:53 | 000,000,000 | ---D | C] -- C:\AMD [2013.03.17 15:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\Copy of sd [2013.03.17 00:10:58 | 000,114,280 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadserd.sys [2013.03.17 00:10:57 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdm.sys [2013.03.17 00:10:57 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdfl.sys [2013.03.17 00:10:57 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcmnt.sys [2013.03.17 00:10:57 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcm.sys [2013.03.17 00:10:56 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01005.dll [2013.03.17 00:10:56 | 001,416,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01005.dll [2013.03.17 00:10:56 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadbus.sys [2013.03.17 00:10:56 | 000,030,312 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\ssadadb.sys [2013.03.17 00:10:56 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwhnt.sys [2013.03.17 00:10:56 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwh.sys [2013.03.17 00:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\NativeFus_Log [2013.03.17 00:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Local Settings\Application Data\Samsung [2013.03.17 00:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Application Data\Samsung [2013.03.17 00:09:24 | 000,000,000 | ---D | C] -- e:\My Documents\samsung 
[2013.03.17 00:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec [2013.03.17 00:05:21 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll [2013.03.16 23:56:41 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll [2013.03.16 23:56:41 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll [2013.03.16 23:56:41 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys [2013.03.16 23:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung [2013.03.16 23:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung [2013.03.16 23:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Local Settings\Application Data\Downloaded Installations [2013.03.16 23:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\Samsung MINI 2 [2013.03.16 23:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\sd [2013.03.16 23:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\samsung galaxy mini2 files [2013.03.16 23:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\flash [2013.03.13 19:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2013.03.13 19:09:48 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2013.03.13 19:09:44 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2013.03.13 19:09:44 | 000,005,632 | ---- | C] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5032.dll [2013.03.13 19:09:43 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2013.03.13 19:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks [2013.03.11 18:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.03.11 18:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.03.11 18:01:02 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.03.11 18:01:02 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.03.11 18:00:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.03.11 18:00:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.03.11 18:00:57 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.03.11 18:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.11 17:48:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2013.03.11 13:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\ja [2013.03.10 12:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\LX480_v1.00r6 [2013.03.08 17:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shady\Desktop\MP3 Audio Only [2013.03.08 06:31:25 | 000,000,000 | -HSD | C] -- C:\found.001 [2013.03.06 19:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sonnox [2013.03.06 12:22:14 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.03.06 12:22:14 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.03.06 12:03:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ] 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013.04.05 05:09:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shady\Desktop\OTL.exe [2013.04.05 04:23:12 | 000,002,284 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.05 04:22:47 | 000,002,498 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2013.04.05 00:55:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.04 22:13:59 | 2146,648,064 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2013.04.03 23:24:02 | 041,761,278 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\@02. Sanduk, Shady.wav [2013.04.03 15:56:26 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\Shady\Application Data\default.rss [2013.04.03 15:55:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013.04.02 13:10:34 | 000,000,212 | -HS- | M] () -- C:\boot.ini [2013.04.02 12:50:20 | 003,791,252 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\VSS3_7004722.exe [2013.04.01 23:48:48 | 000,481,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.01 18:34:53 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss [2013.04.01 18:34:53 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll [2013.04.01 18:34:53 | 000,000,096 | ---- | M] () -- C:\WINDOWS\msocreg32.dat [2013.04.01 18:34:52 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4 [2013.04.01 18:34:52 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2 [2013.04.01 18:34:52 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3 [2013.04.01 18:34:52 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1 [2013.04.01 18:34:52 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7 [2013.04.01 18:34:52 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5 [2013.04.01 18:34:52 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0 [2013.04.01 18:34:52 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9 [2013.04.01 18:34:52 | 000,000,467 | 
---- | M] () -- C:\WINDOWS\System32\Datei8 [2013.04.01 18:34:52 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10 [2013.04.01 18:34:52 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6 [2013.04.01 03:03:07 | 000,001,135 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\System.lnk [2013.03.31 17:33:16 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Shady\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013.03.31 16:13:46 | 000,007,633 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\poligamija.rtf [2013.03.31 12:48:07 | 000,438,114 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.03.31 12:48:07 | 000,070,738 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.03.30 21:42:34 | 000,019,935 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\virus isass.JPG [2013.03.30 02:06:58 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Control Panel (2).lnk [2013.03.30 00:34:15 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Fontovi.rtf [2013.03.29 03:21:45 | 007,263,611 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\@ Horo Stakato - Marko Lazarevic i Ljubisa Pavkovic -12.mp3 [2013.03.27 23:19:45 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1343024091-1275210071-725345543-1003.job [2013.03.27 23:19:45 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1343024091-1275210071-725345543-1003.job [2013.03.27 22:59:22 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.03.27 22:59:22 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.03.27 22:59:22 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.03.25 23:58:13 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\suad bislimi.rtf [2013.03.25 
16:24:35 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\bislini senad.rtf [2013.03.24 19:33:21 | 003,398,884 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Sprachmemo 069.3ga [2013.03.24 19:32:52 | 002,644,624 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Sprachmemo 092.3ga [2013.03.23 14:29:51 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\272719.vcf [2013.03.23 10:31:04 | 002,537,445 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Shpreso.mp3 [2013.03.21 23:44:38 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1275210071-725345543-1003.job [2013.03.21 23:44:38 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1275210071-725345543-1003.job [2013.03.21 23:40:27 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1275210071-725345543-1003.job [2013.03.19 23:35:02 | 008,097,857 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Cupid Apears 2.mp3 [2013.03.19 23:32:41 | 044,614,700 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Cupid Apears 2.wav [2013.03.18 03:27:26 | 004,475,405 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Buco, Balada za kraj, Stari Grad 2005.mp3 [2013.03.18 03:18:38 | 003,972,809 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Eldin Masovic - Pokaži mi, Stari Grad 2005.mp3 [2013.03.17 18:51:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf [2013.03.17 03:38:34 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Shady\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.03.17 00:05:23 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\Shady\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk [2013.03.17 00:05:23 | 000,001,657 | ---- | M] () -- 
C:\Documents and Settings\Shady\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [2013.03.15 15:36:55 | 002,759,866 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Sprachmemo 077.3ga [2013.03.14 22:59:58 | 000,011,510 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\youtube2mp3.xpi [2013.03.14 22:44:26 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Shady\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer (2).lnk [2013.03.13 19:09:48 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2013.03.13 19:09:44 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2013.03.13 19:09:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2013.03.13 19:09:43 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2013.03.11 18:02:39 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Shady\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013.03.11 18:00:48 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.03.11 18:00:47 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013.03.11 18:00:47 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013.03.11 18:00:47 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.03.11 18:00:47 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.03.11 18:00:47 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.03.11 18:00:47 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.03.11 02:44:17 | 003,672,923 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\sanduk, xxx.mp3 [2013.03.10 19:25:16 | 007,584,759 | ---- | M] () -- C:\Documents and 
Settings\Shady\Desktop\Aleksandra Radovic - Kao so u moru - YouTube.mp3
[2013.03.10 19:25:11 | 008,276,064 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Nina Badric - Da se opet tebi vratim - YouTube.mp3
[2013.03.08 19:03:27 | 004,653,874 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Hussain Al Jasmi - Fagadtak FINAL MASTER.mp3
[2013.03.08 18:41:55 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2013.03.08 18:41:55 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2013.03.08 18:41:55 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2013.03.08 18:41:55 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2013.03.08 18:38:33 | 004,881,243 | ---- | M] () -- C:\Documents and Settings\Shady\Desktop\Hussain Al Jasmi - Fagadtak, E-mol.mp3
[2013.03.06 17:19:20 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\Shady\Application Data\_onset.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013.04.03 23:23:59 | 041,761,278 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\@02. Sanduk, Shady.wav
[2013.04.03 21:35:52 | 003,791,252 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\VSS3_7004722.exe
[2013.04.03 15:56:26 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\Shady\Application Data\default.rss
[2013.04.01 16:13:25 | 002,537,445 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Shpreso.mp3
[2013.04.01 03:02:47 | 000,001,135 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\System.lnk
[2013.03.31 16:13:46 | 000,007,633 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\poligamija.rtf
[2013.03.30 21:42:34 | 000,019,935 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\virus isass.JPG
[2013.03.30 02:06:58 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Control Panel (2).lnk
[2013.03.30 01:42:56 | 001,782,077 | ---- | C] () -- C:\WINDOWS\System32\PCoreMsg.exe
[2013.03.30 01:42:56 | 000,262,404 | ---- | C] () -- C:\WINDOWS\System32\PCore.bin
[2013.03.29 03:21:44 | 007,263,611 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\@ Horo Stakato - Marko Lazarevic i Ljubisa Pavkovic -12.mp3
[2013.03.28 06:20:46 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Fontovi.rtf
[2013.03.25 23:58:13 | 000,000,261 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\suad bislimi.rtf
[2013.03.25 16:01:22 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\bislini senad.rtf
[2013.03.24 19:30:19 | 002,644,624 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Sprachmemo 092.3ga
[2013.03.24 19:30:15 | 003,398,884 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Sprachmemo 069.3ga
[2013.03.23 14:29:50 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\272719.vcf
[2013.03.19 23:33:16 | 008,097,857 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Cupid Apears 2.mp3
[2013.03.19 23:00:54 | 044,614,700 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Cupid Apears 2.wav
[2013.03.18 03:27:25 | 004,475,405 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Buco, Balada za kraj, Stari Grad 2005.mp3
[2013.03.18 03:18:05 | 003,972,809 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Eldin Masovic - Pokaži mi, Stari Grad 2005.mp3
[2013.03.17 18:51:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2013.03.17 01:28:45 | 000,312,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013.03.17 00:05:23 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\Shady\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2013.03.17 00:05:23 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\Shady\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2013.03.14 22:59:58 | 000,011,510 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\youtube2mp3.xpi
[2013.03.14 22:44:26 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Shady\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer (2).lnk
[2013.03.14 12:28:10 | 002,759,866 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Sprachmemo 077.3ga
[2013.03.13 19:45:35 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1343024091-1275210071-725345543-1003.job
[2013.03.13 19:45:35 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1343024091-1275210071-725345543-1003.job
[2013.03.13 19:45:34 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1343024091-1275210071-725345543-1003.job
[2013.03.13 19:10:26 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1343024091-1275210071-725345543-1003.job
[2013.03.13 19:10:26 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1343024091-1275210071-725345543-1003.job
[2013.03.11 18:04:33 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.03.11 18:02:39 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Shady\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013.03.11 02:44:15 | 003,672,923 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\sanduk, xxx.mp3
[2013.03.10 19:25:12 | 007,584,759 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Aleksandra Radovic - Kao so u moru - YouTube.mp3
[2013.03.10 19:25:05 | 008,276,064 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Nina Badric - Da se opet tebi vratim - YouTube.mp3
[2013.03.08 18:35:10 | 004,653,874 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Hussain Al Jasmi - Fagadtak FINAL MASTER.mp3
[2013.03.07 14:03:33 | 004,881,243 | ---- | C] () -- C:\Documents and Settings\Shady\Desktop\Hussain Al Jasmi - Fagadtak, E-mol.mp3
[2013.02.17 15:04:28 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\nnnkIaBq.dll
[2013.02.17 15:04:28 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\mlJDurSi.dll
[2013.02.17 15:04:27 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\wvUmmNgd.dll
[2013.02.17 15:04:27 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\byXRhfET.dll
[2013.02.17 15:04:04 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\yayxusRH.dll
[2013.02.17 15:04:04 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\iifcBtUo.dll
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013.01.05 00:06:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\AmpRoomDSP_Lib96.dll
[2013.01.05 00:06:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\AmpRoomDSP_Lib88.dll
[2013.01.05 00:06:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\AmpRoomDSP_Lib48.dll
[2013.01.05 00:06:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\AmpRoomDSP_Lib44.dll
[2012.11.16 22:21:36 | 000,021,195 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012.11.14 00:57:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012.07.08 07:33:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.07.06 05:01:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Shady\Application Data\_onset.dat
[2012.07.04 06:03:32 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012.07.04 06:03:32 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012.06.27 09:49:43 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012.06.27 08:31:52 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.02.08 21:44:03 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Shady\UpdateLog.GDZ
[2007.07.19 01:51:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.17356192ABB8C36B.sys
[2007.07.18 21:19:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.1735619272B730B3.sys
[2007.07.15 01:51:21 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.173561926659B183.sys
[2007.06.30 18:06:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.173561924A06AB74.sys
[2007.06.30 18:03:47 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.173561924A06AB73.sys
[2007.06.29 06:45:13 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.173561924A84BAF5.sys
[2007.06.29 06:43:14 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.173561924A84BAF4.sys
[2007.06.24 16:42:48 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.17356192D8910D51.sys
[2007.06.24 14:43:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.17356192D8910D50.sys
[2007.06.24 14:40:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.1735619206385595.sys
[2007.06.19 12:03:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.17356192571BECEE.sys
[2007.06.17 08:19:44 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.17356192859F7D89.sys
[2007.06.15 20:00:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.17356192571BECED.sys
[2007.06.10 22:41:05 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Shady\Application Data\.17356192EEEA39DE.sys
[2007.05.13 06:44:35 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Shady\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.05.04 23:24:34 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\Shady\Application Data\Culture Prefs
[2007.05.04 02:34:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Shady\Application Data\Majestic Prefs

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2007.05.06 23:52:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Files - Unicode (All) ==========[/color]

[2007.05.25 03:36:26 | 000,057,190 | ---- | M] ()(e:\My Documents\???????? ????????? ?????????? ??????.mht) -- e:\My Documents\Извештај несретног Хелсиншког одбора.mht
[2007.05.25 03:36:26 | 000,057,190 | ---- | C] ()(e:\My Documents\???????? ????????? ?????????? ??????.mht) -- e:\My Documents\Извештај несретног Хелсиншког одбора.mht

< End of report >