PDA

View Full Version : Another IDP.Trojan.1C8D1A13 and Crypt.AQLW infection...please help



JonDou
2012-05-05, 13:01
Hi, If You could help me out with this one, please.

I have read few post here about the same problem here and I'm glad that in some cases you guys have sort the problem out :). Nice work there. I just hope I'll be lucky to have the same results after this :).

Anyway, I have free AVG AV and it reported trojans couple of days ago (lots of them !!!) They keep poping up after every boot and I kept sending them to the virus vault as sugested by AVG. I have a redirecting browser problem as well, but that eases up after AVG does its work, but doesn't go away. Sometimes the new IE window opens on its own with shoping, vehicle sale or job oportunity website... etc.

I followed the thread "before you post dss log" and I did pretty much all, but what happened there is: I have backed up the registry with ERUNT and downloaded dds tool, saved it on the desktop and run it. As soon as DDS finished with the scan and showed me the log, AVG reported something as threat - a trojan (I think it was MBR.DAT if it's of any use to you :)) and sugested to move it to the vault. I have copy/paste the log results into the new notepad window and saved it on the desktop by the name ddslog (just in case :) )and sent the file to virus vault. When I did that, dds.exe icon along with the dds log file disappeared from my desktop.

I'm sending the log results and attached ziped "attach.txt" file with this post. Just one thing uncleared. Should I disable spybot tea timer now or should I have done it before the scan :)...sry? Can I turn my computer off?

Thank you for having the time for us.

dds log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by Goran at 14:24:29 on 2012-05-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2333 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089FD14D-132B-48FC-8861-0048AE113215} - No File
{17313704-4a6f-4a90-b799-9a0ecd442850}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
{21893045-fd23-4839-8079-751626c13bd9}
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: PhotoPos Toolbar: {5d0ec45b-d2e4-4dd0-a5b2-69ddefe852a8} - c:\program files\photoposcomtbr\PhotoposComTbrLib.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - c:\progra~1\allpla~1\iplex\IPLEXT~1.DLL
BHO: {e5deed4b-f298-4211-a480-2a963cf87dc5} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{f08f5390-b47d-4517-aa17-1bcc9ed22183}
{f3730a1f-b98c-4188-96fd-daf6a9fdac3a}
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PhotoPos Toolbar: {5d0ec45b-d2e4-4dd0-a5b2-69ddefe852a8} - c:\program files\photoposcomtbr\PhotoposComTbrLib.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\goran\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\goran\start menu\programs\startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Enviar para o OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\goran\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\funnsystems yump3com-user-authorization\YuMp3ComLogin.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: windowslivehelp.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7} : NameServer = 192.168.1.1,198.168.1.1
TCP: Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvUOhhf
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\goran\application data\mozilla\firefox\profiles\io5uagfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 AvgRkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-26 752128]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-4-26 3246040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 GS In-Game Service;GS In-Game Service;c:\program files\gametracker\GSInGameService.exe [2011-11-10 1677072]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-4-26 167968]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-2-13 101904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-1-18 19056]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys --> c:\windows\system32\drivers\spyemrg.sys [?]
S2 avg7updsvc;KR3NPXP;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 gupdate1c9891f144d5a58;Google Update Service (gupdate1c9891f144d5a58);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S2 GV600_4;Vpcbus;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-5-10 8192]
S2 mcpromgr;VX3000;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 MpFilter;Smbusp;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 mpfirewl;Incdsrv;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 rt2870;Ftrtsvc;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-3 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-3 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2007-7-27 14336]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-5-18 25088]
.
=============== Created Last 30 ================
.
2012-05-04 15:01:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 15:01:11 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-02 12:19:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-30 03:14:53 -------- d-----w- c:\documents and settings\goran\application data\ooVoo Details
2012-04-30 03:13:45 -------- d-----w- c:\documents and settings\goran\local settings\application data\APN
2012-04-29 16:13:03 118318 ----a-w- c:\windows\Photo Pos Pro Collage Templates Pack Uninstaller.exe
2012-04-29 16:09:05 -------- d-----w- c:\documents and settings\goran\application data\Photopos
2012-04-29 16:09:03 -------- d-----w- c:\program files\PhotoposComTbr
.
==================== Find3M ====================
.
2012-05-04 15:01:00 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-29 07:12:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 07:12:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 07:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-15 13:02:23 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-15 13:02:18 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-15 13:02:18 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-15 12:51:16 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-14 12:47:02 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-14 12:20:58 682280 ----a-w- c:\windows\system32\pbsvc.exe
2012-02-13 10:28:46 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-07 03:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-05 07:41:10 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
.
============= FINISH: 14:25:44.98 ===============

oldman960
2012-05-05, 18:10
Hi JonDou, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.




Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.līk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
/md5stop


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


Next

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with
both OTL logs
aswMBR log

JonDou
2012-05-06, 18:08
Hi oldman960 :) and thank You so much for taking this thing on. :thanks:
I'm having problem with the whole PC now. It freezes after a few minutes of reboot. I tried to open this thread and follow the instruction, but it wont let me. Last time I managed to open the IE window and that was it. It freezed on me.
I tried few times to restart my PC, but it kept freezing on me. I rebooted the PC and have copied otl.exe and aswMBR.exe on a usb flash from my old laptop and transfered them to the desktop of affected PC. Double clicked the otl.exe and quickly set the scan options as you told me to, but the scan (the whole PC) freezed somewhere in the middle... it says: scanning modules... and that's it. Do I reset/reboot the PC and try again - this time a bit quicker :) (if I manage) or what?
Not a good start here on my side :oops:, ha ?

oldman960
2012-05-06, 19:36
Hi JonDou,

Let's try the scans in Safe Mode.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

JonDou
2012-05-07, 10:51
Hi oldman960 :bigthumb:, thanks again for following this.

Ok,... I did a scan in Safe Mode and here are the results:

OTL.txt

OTL logfile created on: 07-May-2012 3:15:40 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 89.45% Memory free
5.33 Gb Paging File | 5.23 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 41.14 Gb Free Space | 27.58% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 14.77 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS
Drive J: | 951.62 Mb Total Space | 946.52 Mb Free Space | 99.46% Space Free | Partition Type: FAT32

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Goran\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\GSC\CtxMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (zntport) -- %systemroot%\system32\pdlnsv25.dll File not found
SRV - (zenos1) -- %systemroot%\system32\egathdrv.dll File not found
SRV - (yukonwlh) -- %systemroot%\system32\tga.dll File not found
SRV - (WNCPKT) -- %systemroot%\system32\mr2kserv.dll File not found
SRV - (wg5n) -- %systemroot%\system32\W8100PCI.dll File not found
SRV - (websensecpmcommunicationagent) -- %systemroot%\system32\VAIOMediaPlatform-MusicServer-HTTP.dll File not found
SRV - (webcompserver) -- %systemroot%\system32\vstor2.dll File not found
SRV - (VRADFIL) -- %systemroot%\system32\usb_rndisx.dll File not found
SRV - (vaiomediaplatform-integratedserver-appserver) -- %systemroot%\system32\CAMFLT.dll File not found
SRV - (V0080Dev) -- %systemroot%\system32\elbycdio.dll File not found
SRV - (utilman) -- %systemroot%\system32\mfcom.dll File not found
SRV - (USIUDF) -- %systemroot%\system32\lyncusbserv.dll File not found
SRV - (usbser) -- %systemroot%\system32\cisvc.dll File not found
SRV - (tpkmpsvc) -- %systemroot%\system32\hsf_dpv.dll File not found
SRV - (TOSHIBASoftModem) -- %systemroot%\system32\avgems.dll File not found
SRV - (toddsrv) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (TMHIDSRV) -- %systemroot%\system32\hwpsgt.dll File not found
SRV - (susbser) -- %systemroot%\system32\LVCap138.dll File not found
SRV - (slservice) -- %systemroot%\system32\lxct_device.dll File not found
SRV - (Si3114r5) -- %systemroot%\system32\ser2pl.dll File not found
SRV - (sfdrv01) -- %systemroot%\system32\AN983.dll File not found
SRV - (SetupSys) -- %systemroot%\system32\AIRPLUS.dll File not found
SRV - (serialkeys) -- %systemroot%\system32\VrAcFil.dll File not found
SRV - (se59nd5) -- %systemroot%\system32\acdpowerservice.dll File not found
SRV - (se58mgmt) -- %systemroot%\system32\iaimfp0.dll File not found
SRV - (se2End5) -- %systemroot%\system32\aswlsvc.dll File not found
SRV - (s716bus) -- %systemroot%\system32\protectionservice.dll File not found
SRV - (s3savagemx) -- %systemroot%\system32\oracle_load_balancer_60_client-forms6i.dll File not found
SRV - (rt2870) -- %systemroot%\system32\HIDSwvd.dll File not found
SRV - (pivot) -- %systemroot%\system32\CTSBLFX.DLL.dll File not found
SRV - (pdlndldl) -- %systemroot%\system32\mwsarcpkt.dll File not found
SRV - (PCTINDIS5) -- %systemroot%\system32\rpcnet.dll File not found
SRV - (oraclewebassistant) -- %systemroot%\system32\hmonitor.dll File not found
SRV - (oracleorahomemanagementserver) -- %systemroot%\system32\Epiusb.dll File not found
SRV - (oracleoradb10g_home1isql*plus) -- %systemroot%\system32\USB11LDR.dll File not found
SRV - (omniusbl) -- %systemroot%\system32\inorpc.dll File not found
SRV - (NxSysMon) -- %systemroot%\system32\qmofiltr.dll File not found
SRV - (NWFILTER) -- %systemroot%\system32\aniwzcsdservice.dll File not found
SRV - (nvrd64) -- %systemroot%\system32\logonsvcid.dll File not found
SRV - (mssql$sony_mediamgr) -- %systemroot%\system32\WscNetDr.dll File not found
SRV - (msgame) -- %systemroot%\system32\ctxcpubal.dll File not found
SRV - (mps9) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (mpfirewl) -- %systemroot%\system32\avcgbdr.dll File not found
SRV - (MpFilter) -- %systemroot%\system32\siside.dll File not found
SRV - (mi-raysat_3dsmax8) -- %systemroot%\system32\MA_CMIDI.dll File not found
SRV - (mhndrv) -- %systemroot%\system32\alerter.dll File not found
SRV - (mcpromgr) -- %systemroot%\system32\mcrdsvc.dll File not found
SRV - (mcods) -- %systemroot%\system32\HabuFltr.dll File not found
SRV - (maxbackserviceint) -- %systemroot%\system32\ndassvc.dll File not found
SRV - (licensemanagersocket) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (L6POD) -- %systemroot%\system32\mldserv.dll File not found
SRV - (L1e) -- %systemroot%\system32\s24eventmonitor.dll File not found
SRV - (keriomailserver) -- %systemroot%\system32\meiudf.dll File not found
SRV - (k750mgmt) -- %systemroot%\system32\usbvm321.dll File not found
SRV - (ixiaendpoint) -- %systemroot%\system32\pinnaclesys.mediaserver.dll File not found
SRV - (ipssvc) -- %systemroot%\system32\dtsrvc.dll File not found
SRV - (iPassP) -- %systemroot%\system32\battc.dll File not found
SRV - (ifxtcs) -- %systemroot%\system32\OEM02Afx.dll File not found
SRV - (ifp800) -- %systemroot%\system32\cpqdmi.dll File not found
SRV - (IBM_LLC2) -- %systemroot%\system32\a016mdfl.dll File not found
SRV - (HSFHWALI) -- %systemroot%\system32\rimvserport.dll File not found
SRV - (HPFECP20) -- %systemroot%\system32\dm1service.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (GVCplDrv) -- %systemroot%\system32\btserial.dll File not found
SRV - (GV600_4) -- %systemroot%\system32\portmapper.dll File not found
SRV - (giveio) -- %systemroot%\system32\Wpsnuio.dll File not found
SRV - (ghoststartservice) -- %systemroot%\system32\Slntamr.dll File not found
SRV - (fsRamDsk) -- %systemroot%\system32\monfilt.dll File not found
SRV - (dot4ufd) -- %systemroot%\system32\TMBMServer.dll File not found
SRV - (dm1service) -- %systemroot%\system32\e1express.dll File not found
SRV - (dlaifs_m) -- %systemroot%\system32\SED133x.dll File not found
SRV - (delldmi) -- %systemroot%\system32\AsIO.dll File not found
SRV - (DCamUSBSQTECH) -- %systemroot%\system32\mferkdk.dll File not found
SRV - (db2ntsecserver) -- %systemroot%\system32\SNP2STD.dll File not found
SRV - (cwcspud) -- %systemroot%\system32\fastfat.dll File not found
SRV - (cmpci) -- %systemroot%\system32\prevxagent.dll File not found
SRV - (cics.region2) -- %systemroot%\system32\ccsetmgr.dll File not found
SRV - (cfosspeeds) -- %systemroot%\system32\MaxtorFrontPanel1.dll File not found
SRV - (CcmExec) -- %systemroot%\system32\w200mgmt.dll File not found
SRV - (cccredmgr) -- %systemroot%\system32\s217unic.dll File not found
SRV - (btnhnd) -- %systemroot%\system32\SECYPUSB.dll File not found
SRV - (btfirst) -- %systemroot%\system32\IOSLINK.dll File not found
SRV - (BsHelpCS) -- %systemroot%\system32\vmauthdservice.dll File not found
SRV - (blueletscoaudio) -- %systemroot%\system32\F700imd.dll File not found
SRV - (bdrsdrv) -- %systemroot%\system32\savrtpel.dll File not found
SRV - (bdfsfltr) -- %systemroot%\system32\USB_RNDIS.dll File not found
SRV - (avidstartup) -- %systemroot%\system32\symredrv.dll File not found
SRV - (avg7updsvc) -- %systemroot%\system32\rnadirectory.dll File not found
SRV - (atimpab) -- %systemroot%\system32\Freedom.dll File not found
SRV - (ASMMAP) -- %systemroot%\system32\portio.dll File not found
SRV - (ARCSOFTVIRTUALCAPTURE) -- %systemroot%\system32\enxpsvc.dll File not found
SRV - (ar5211) -- %systemroot%\system32\idrivert.dll File not found
SRV - (AmdIde) -- %systemroot%\system32\BRGSp50.dll File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (2wirepcp) -- %systemroot%\system32\zpcollector.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GS In-Game Service) -- C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (KMService) -- C:\WINDOWS\system32\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (SpyEmrg) -- System32\Drivers\spyemrg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PciCon) -- E:\PciCon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aflkpxw0) -- File not found
DRV - (1802E) -- globalroot\C:\WINDOWS\system32\drivers\1802E.sys File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgRkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MRxSmb) -- C:\WINDOWS\system32\drivers\mrxsmb.sys ()
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\WINDOWS\system32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {511131f1-4629-4254-a85f-ed7b6d75dd3c} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1455F202-242E-4872-9700-182595B04230}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKCU\..\SearchScopes\{7400AA93-E276-4810-886F-5F5A9DDC3FD6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNWQ_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={60F607CC-7962-4103-A140-A4612667239E}&mid=44fe0b7a735675b2c18c7d77bd9a4579-0ea5e905f1d14e46bc4439e0ddc6c448b29e541b&lang=en&ds=AVG&pr=fr&d=2011-10-26 19:36:50&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-10-26 13:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-02-01 18:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012-03-12 20:07:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-02 19:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-04 23:01:11 | 000,000,000 | ---D | M]

[2010-10-02 00:30:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions
[2011-08-27 20:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009-12-23 13:11:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012-05-04 23:04:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions
[2011-11-06 08:18:06 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-10-28 18:20:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-30 00:09:10 | 000,000,000 | ---D | M] (PhotoPos Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
[2012-05-03 22:12:19 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-08-17 21:37:03 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\aol-web-search.xml
[2011-02-01 19:05:08 | 000,002,333 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\askcom.xml
[2008-03-16 09:00:27 | 000,002,386 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\siteadvisor.xml
[2011-02-19 19:31:14 | 000,001,244 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\winamp-search.xml
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-22 18:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-05-31 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011-12-01 20:06:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-07-12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-03-12 20:07:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011-12-01 20:06:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012-05-03 00:16:03 | 000,442,908 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
O2 - BHO: (no name) - {17313704-4A6F-4A90-B799-9A0ECD442850} - No CLSID value found.
O2 - BHO: (no name) - {21893045-FD23-4839-8079-751626C13BD9} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (no name) - {e5deed4b-f298-4211-a480-2a963cf87dc5} - No CLSID value found.
O2 - BHO: (no name) - {F08F5390-B47D-4517-AA17-1BCC9ED22183} - No CLSID value found.
O2 - BHO: (no name) - {F3730A1F-B98C-4188-96FD-DAF6A9FDAC3A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O9 - Extra 'Tools' menuitem : &Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: windowslivehelp.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\tuvUOhhf) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-02-18 21:07:08 | 000,000,600 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: cfosspeeds - %systemroot%\system32\MaxtorFrontPanel1.dll File not found
NetSvcs: s716bus - %systemroot%\system32\protectionservice.dll File not found
NetSvcs: ASMMAP - %systemroot%\system32\portio.dll File not found
NetSvcs: MpFilter - %systemroot%\system32\siside.dll File not found
NetSvcs: toddsrv - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: licensemanagersocket - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: cccredmgr - %systemroot%\system32\s217unic.dll File not found
NetSvcs: utilman - %systemroot%\system32\mfcom.dll File not found
NetSvcs: icepack - File not found
NetSvcs: W2acehid - File not found
NetSvcs: adsservice - File not found
NetSvcs: nv4 - File not found
NetSvcs: CdaD10BA - File not found
NetSvcs: nvstor32 - File not found
NetSvcs: imountsrv - File not found
NetSvcs: passthru - File not found
NetSvcs: PTproct - File not found
NetSvcs: dlaudfam - File not found
NetSvcs: rchost - File not found
NetSvcs: XAudio - File not found
NetSvcs: NWDHCP - File not found
NetSvcs: ScFBPNT3 - File not found
NetSvcs: lvsrvlauncher - File not found
NetSvcs: lxrjd31s - File not found
NetSvcs: FireTDI - File not found
NetSvcs: amusbprt - File not found
NetSvcs: DumaNT - File not found
NetSvcs: SED133x - File not found
NetSvcs: picturetaker - File not found
NetSvcs: dmprimer - File not found
NetSvcs: CA561 - File not found
NetSvcs: BTSLBCSP - File not found
NetSvcs: BUFADPT - File not found
NetSvcs: scsk4 - File not found
NetSvcs: WIBUKEY - File not found
NetSvcs: procexp111 - File not found
NetSvcs: iteatapi - File not found
NetSvcs: avupdsvc - File not found
NetSvcs: winpppoverethernet - File not found
NetSvcs: websensedcagent - File not found
NetSvcs: ARCSOFTVIRTUALCAPTURE - %systemroot%\system32\enxpsvc.dll File not found
NetSvcs: se59nd5 - %systemroot%\system32\acdpowerservice.dll File not found
NetSvcs: avg7updsvc - %systemroot%\system32\rnadirectory.dll File not found
NetSvcs: ifp800 - %systemroot%\system32\cpqdmi.dll File not found
NetSvcs: bdrsdrv - %systemroot%\system32\savrtpel.dll File not found
NetSvcs: pivotmou - File not found
NetSvcs: vcommmgr - File not found
NetSvcs: tbhsd - File not found
NetSvcs: ZY202_XP - File not found
NetSvcs: wm - File not found
NetSvcs: R300 - File not found
NetSvcs: giveio - %systemroot%\system32\Wpsnuio.dll File not found
NetSvcs: websensecpmcommunicationagent - %systemroot%\system32\VAIOMediaPlatform-MusicServer-HTTP.dll File not found
NetSvcs: oraclewebassistant - %systemroot%\system32\hmonitor.dll File not found
NetSvcs: oracleoradb10g_home1isql*plus - %systemroot%\system32\USB11LDR.dll File not found
NetSvcs: dm1service - %systemroot%\system32\e1express.dll File not found
NetSvcs: dot4ufd - %systemroot%\system32\TMBMServer.dll File not found
NetSvcs: PCTINDIS5 - %systemroot%\system32\rpcnet.dll File not found
NetSvcs: keriomailserver - %systemroot%\system32\meiudf.dll File not found
NetSvcs: zenos1 - %systemroot%\system32\egathdrv.dll File not found
NetSvcs: tpkmpsvc - %systemroot%\system32\hsf_dpv.dll File not found
NetSvcs: mcods - %systemroot%\system32\HabuFltr.dll File not found
NetSvcs: AmdIde - %systemroot%\system32\BRGSp50.dll File not found
NetSvcs: yukonwlh - %systemroot%\system32\tga.dll File not found
NetSvcs: dlaifs_m - %systemroot%\system32\SED133x.dll File not found
NetSvcs: NxSysMon - %systemroot%\system32\qmofiltr.dll File not found
NetSvcs: nvrd64 - %systemroot%\system32\logonsvcid.dll File not found
NetSvcs: btfirst - %systemroot%\system32\IOSLINK.dll File not found
NetSvcs: usbser - %systemroot%\system32\cisvc.dll File not found
NetSvcs: se58mgmt - %systemroot%\system32\iaimfp0.dll File not found
NetSvcs: L1e - %systemroot%\system32\s24eventmonitor.dll File not found
NetSvcs: slservice - %systemroot%\system32\lxct_device.dll File not found
NetSvcs: HPFECP20 - %systemroot%\system32\dm1service.dll File not found
NetSvcs: ghoststartservice - %systemroot%\system32\Slntamr.dll File not found
NetSvcs: k750mgmt - %systemroot%\system32\usbvm321.dll File not found
NetSvcs: avidstartup - %systemroot%\system32\symredrv.dll File not found
NetSvcs: se2End5 - %systemroot%\system32\aswlsvc.dll File not found
NetSvcs: HSFHWALI - %systemroot%\system32\rimvserport.dll File not found
NetSvcs: SetupSys - %systemroot%\system32\AIRPLUS.dll File not found
NetSvcs: db2ntsecserver - %systemroot%\system32\SNP2STD.dll File not found
NetSvcs: omniusbl - %systemroot%\system32\inorpc.dll File not found
NetSvcs: msgame - %systemroot%\system32\ctxcpubal.dll File not found
NetSvcs: s3savagemx - %systemroot%\system32\oracle_load_balancer_60_client-forms6i.dll File not found
NetSvcs: IBM_LLC2 - %systemroot%\system32\a016mdfl.dll File not found
NetSvcs: atimpab - %systemroot%\system32\Freedom.dll File not found
NetSvcs: wg5n - %systemroot%\system32\W8100PCI.dll File not found
NetSvcs: webcompserver - %systemroot%\system32\vstor2.dll File not found
NetSvcs: mi-raysat_3dsmax8 - %systemroot%\system32\MA_CMIDI.dll File not found
NetSvcs: BsHelpCS - %systemroot%\system32\vmauthdservice.dll File not found
NetSvcs: iPassP - %systemroot%\system32\battc.dll File not found
NetSvcs: ar5211 - %systemroot%\system32\idrivert.dll File not found
NetSvcs: NWFILTER - %systemroot%\system32\aniwzcsdservice.dll File not found
NetSvcs: Si3114r5 - %systemroot%\system32\ser2pl.dll File not found
NetSvcs: L6POD - %systemroot%\system32\mldserv.dll File not found
NetSvcs: mhndrv - %systemroot%\system32\alerter.dll File not found
NetSvcs: fsRamDsk - %systemroot%\system32\monfilt.dll File not found
NetSvcs: oracleorahomemanagementserver - %systemroot%\system32\Epiusb.dll File not found
NetSvcs: btnhnd - %systemroot%\system32\SECYPUSB.dll File not found
NetSvcs: serialkeys - %systemroot%\system32\VrAcFil.dll File not found
NetSvcs: susbser - %systemroot%\system32\LVCap138.dll File not found
NetSvcs: pivot - %systemroot%\system32\CTSBLFX.DLL.dll File not found
NetSvcs: blueletscoaudio - %systemroot%\system32\F700imd.dll File not found
NetSvcs: GV600_4 - %systemroot%\system32\portmapper.dll File not found
NetSvcs: pdlndldl - %systemroot%\system32\mwsarcpkt.dll File not found
NetSvcs: GVCplDrv - %systemroot%\system32\btserial.dll File not found
NetSvcs: TOSHIBASoftModem - %systemroot%\system32\avgems.dll File not found
NetSvcs: cwcspud - %systemroot%\system32\fastfat.dll File not found
NetSvcs: vaiomediaplatform-integratedserver-appserver - %systemroot%\system32\CAMFLT.dll File not found
NetSvcs: cics.region2 - %systemroot%\system32\ccsetmgr.dll File not found
NetSvcs: cmpci - %systemroot%\system32\prevxagent.dll File not found
NetSvcs: 2wirepcp - %systemroot%\system32\zpcollector.dll File not found
NetSvcs: V0080Dev - %systemroot%\system32\elbycdio.dll File not found
NetSvcs: DCamUSBSQTECH - %systemroot%\system32\mferkdk.dll File not found
NetSvcs: zntport - %systemroot%\system32\pdlnsv25.dll File not found
NetSvcs: TMHIDSRV - %systemroot%\system32\hwpsgt.dll File not found
NetSvcs: bdfsfltr - %systemroot%\system32\USB_RNDIS.dll File not found
NetSvcs: mpfirewl - %systemroot%\system32\avcgbdr.dll File not found
NetSvcs: efs - File not found
NetSvcs: webrootadminconsole - File not found
NetSvcs: WmiAcpi - File not found
NetSvcs: smrt - File not found
NetSvcs: patrolagent - File not found
NetSvcs: USIUDF - %systemroot%\system32\lyncusbserv.dll File not found
NetSvcs: ifxtcs - %systemroot%\system32\OEM02Afx.dll File not found
NetSvcs: CcmExec - %systemroot%\system32\w200mgmt.dll File not found
NetSvcs: mcpromgr - %systemroot%\system32\mcrdsvc.dll File not found
NetSvcs: sfdrv01 - %systemroot%\system32\AN983.dll File not found
NetSvcs: rt2870 - %systemroot%\system32\HIDSwvd.dll File not found
NetSvcs: megamonitorsrv - File not found
NetSvcs: dirms_defragmentation - File not found
NetSvcs: slave - File not found
NetSvcs: adiloader - File not found
NetSvcs: lxcgcustomerconnect - File not found
NetSvcs: s125bus - File not found
NetSvcs: yats32 - File not found
NetSvcs: smartwiservice - File not found
NetSvcs: wg3n - File not found
NetSvcs: maxbackserviceint - %systemroot%\system32\ndassvc.dll File not found
NetSvcs: PSI_SVC_2 - File not found
NetSvcs: ino_fltr - File not found
NetSvcs: pdfcreatormessages - File not found
NetSvcs: eliservice - File not found
NetSvcs: ssmdrv - File not found
NetSvcs: mstdfrgs - File not found
NetSvcs: SWNC8U20 - File not found
NetSvcs: rp_fws - File not found
NetSvcs: DcPTP - File not found
NetSvcs: PAC7302 - File not found
NetSvcs: ssscsisv - File not found
NetSvcs: webdriveservice - File not found
NetSvcs: thpsrv - File not found
NetSvcs: acs - File not found
NetSvcs: avsvcmonitor - File not found
NetSvcs: Memctl - File not found
NetSvcs: wandrv - File not found
NetSvcs: tandpl - File not found
NetSvcs: bjmcmng - File not found
NetSvcs: pnarp - File not found
NetSvcs: MRV6X32P - File not found
NetSvcs: VRADFIL - %systemroot%\system32\usb_rndisx.dll File not found
NetSvcs: ixiaendpoint - %systemroot%\system32\pinnaclesys.mediaserver.dll File not found
NetSvcs: delldmi - %systemroot%\system32\AsIO.dll File not found
NetSvcs: WNCPKT - %systemroot%\system32\mr2kserv.dll File not found
NetSvcs: mssql$sony_mediamgr - %systemroot%\system32\WscNetDr.dll File not found
NetSvcs: mps9 - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: ipssvc - %systemroot%\system32\dtsrvc.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

JonDou
2012-05-07, 10:53
Hi oldman960 :bigthumb:

part II of OTL.txt

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012-05-06 22:37:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:37:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-05 00:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012-05-05 00:17:27 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-04 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-05-04 23:01:11 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-05-04 23:01:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-05-04 23:01:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-05-04 23:01:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-05-04 23:01:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-05-02 20:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012-05-02 20:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012-04-30 11:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2012-04-30 11:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Local Settings\Application Data\APN
[2012-04-30 00:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2012-04-30 00:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoposComTbr
[2012-04-24 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012-04-24 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012-04-22 18:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012-04-22 18:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-05-15 13:47:37 | 540,639,232 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Goran\Application Data\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-07 15:11:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-07 15:03:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2012-05-07 15:01:19 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-05-06 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:25:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-06 21:57:13 | 097,285,812 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-05-05 20:05:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-05-05 19:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-05 19:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-05-05 19:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-573735546-839522115-1003UA.job
[2012-05-05 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012-05-05 17:30:22 | 000,008,960 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 17:20:00 | 000,001,604 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012-05-05 13:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-05 00:19:18 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-05-05 00:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-04 23:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-573735546-839522115-1003Core.job
[2012-05-04 23:11:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-04 23:01:00 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-05-04 23:01:00 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012-05-04 23:01:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-05-04 23:01:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-05-04 23:01:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-05-04 23:01:00 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-05-03 23:21:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-05-03 21:20:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012-05-03 00:16:03 | 000,442,908 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-05-02 19:08:53 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120503-001603.backup
[2012-05-01 23:15:52 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Pilici.lnk
[2012-05-01 22:59:00 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WORLD OF WARCRAFT.LNK
[2012-05-01 16:59:54 | 000,387,826 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012-04-30 14:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-04-30 00:13:03 | 000,118,318 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-29 15:12:26 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-29 15:12:26 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-04-24 20:04:20 | 000,141,123 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2012-04-24 19:59:13 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-04-22 20:43:24 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\Goran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-22 12:53:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012-04-12 00:23:30 | 000,472,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-12 00:23:30 | 000,090,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-12 00:18:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-04-11 00:39:17 | 001,228,854 | ---- | M] () -- C:\Documents and Settings\Goran\Documents\Elena balerina title.bmp
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-05 17:30:22 | 000,008,960 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 00:19:18 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-05-02 20:19:20 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-04-30 00:13:03 | 000,118,318 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-25 08:04:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012-04-24 19:59:13 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-04-11 00:39:00 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\Goran\Documents\Elena balerina title.bmp
[2012-02-13 18:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-02-03 17:29:56 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011-08-21 16:36:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011-07-23 09:02:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2011-06-25 16:44:12 | 000,090,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-06-19 15:18:10 | 000,140,564 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2011-06-19 15:18:10 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2011-05-15 16:42:16 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\Comma Separated Values (Windows).ADR
[2011-05-10 20:30:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2011-05-07 13:09:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\$_hpcst$.hpc
[2011-04-12 02:36:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436r
[2011-04-12 02:36:42 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436
[2011-04-12 02:36:30 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18800436
[2011-04-11 11:59:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011-04-11 11:59:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011-04-11 11:59:22 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19390260
[2011-04-06 12:09:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-06 11:19:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011-02-25 21:04:10 | 000,119,630 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Classic Frames Pack Uninstaller.exe
[2011-02-25 21:04:03 | 000,119,394 | ---- | C] () -- C:\WINDOWS\Christmas and New Year Frames Pack Uninstaller.exe
[2011-02-23 22:15:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011-02-23 22:15:03 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011-02-23 22:13:45 | 000,210,628 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2011-01-26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011-01-26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011-01-07 12:36:51 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-12-17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-11-29 23:33:44 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-11-26 20:20:50 | 001,524,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-07-10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2011-05-07 09:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011-02-17 14:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008-04-02 13:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2012-03-12 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011-05-15 23:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012-05-06 22:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010-10-28 17:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008-02-28 09:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2010-10-28 18:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008-02-04 05:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011-01-29 15:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011-02-04 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2009-03-14 18:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011-05-17 21:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2008-02-09 07:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2010-02-05 15:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2008-04-07 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008-04-08 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008-04-15 11:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008-02-09 07:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011-05-12 23:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010-10-15 17:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008-04-15 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2011-01-07 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010-11-19 11:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008-03-27 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009-03-08 12:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008-03-31 09:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93
[2012-05-05 17:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012-02-18 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008-02-08 16:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008-06-16 19:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoCollageMax
[2010-01-29 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2008-04-14 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008-04-03 13:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008-02-04 05:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010-05-06 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011-09-11 19:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009-11-29 16:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-08-27 20:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010-07-05 21:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010-04-13 12:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008-12-30 09:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2010-05-17 17:45:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Goran\Application Data\.#
[2008-02-18 12:32:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\.BitTornado
[2011-04-27 22:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\9EB8F174-10C4-4BF3-9A55-36818C9AF17C
[2008-04-17 17:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acreon
[2009-09-02 21:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acronis
[2011-05-31 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AUSkey
[2011-10-26 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG Secure Search
[2011-10-26 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG2012
[2010-11-29 21:52:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Bitrix Security
[2008-03-21 21:09:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BitTorrent
[2008-03-23 13:38:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BSplayer
[2011-06-25 15:42:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Camfrog
[2008-05-30 19:32:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Canon
[2011-03-08 18:47:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ElevatedDiagnostics
[2011-05-17 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\EmailNotifier
[2008-02-09 02:58:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Gamelab
[2012-02-14 22:53:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GameTracker
[2011-09-06 23:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Garmin
[2010-05-17 19:03:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GetRightToGo
[2008-04-15 20:15:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GSC
[2008-02-21 09:46:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ICQ
[2008-02-27 09:51:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\iWinArcade
[2008-04-03 14:11:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Jane s Hotel Family Hero
[2008-01-29 07:40:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Leadertech
[2011-02-01 16:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ManyCam
[2008-03-30 19:32:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Meridian93
[2008-06-16 21:04:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Nokia
[2008-02-08 16:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Oberon Games
[2012-04-30 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2009-02-26 15:09:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoCollageMax
[2012-04-30 00:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2011-05-17 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoposComtb
[2008-04-14 10:49:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PlayFirst
[2011-05-09 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PriceGong
[2009-02-21 16:10:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Safer Networking
[2009-03-08 10:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Simply Super Software
[2011-09-11 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Skinux
[2008-02-27 08:40:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\SpinTop
[2011-05-27 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TeamViewer
[2008-05-25 14:11:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TERMINAL Studio
[2008-03-17 00:16:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TheScruffs
[2011-08-27 20:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TomTom
[2008-04-09 19:00:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Ulead Systems
[2012-05-04 23:06:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Uniblue
[2012-04-10 22:23:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\uTorrent
[2009-12-23 13:25:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Vivox
[2012-04-22 15:19:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\VoipStunt
[2011-08-13 08:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Windows Live Writer
[2012-04-30 14:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012-04-22 12:53:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010-03-13 18:59:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010-04-16 03:00:49 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2012-05-05 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2012-05-07 15:03:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2009-04-23 00:35:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011-05-15 16:48:43 | 000,032,626 | ---- | M] () -- C:\ASLog.txt
[2012-02-18 21:07:08 | 000,000,600 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-02-13 20:29:54 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2008-01-23 14:16:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-01-23 14:16:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-01-23 14:16:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007-07-27 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-08-17 19:01:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012-05-07 15:11:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008-04-06 19:39:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008-04-20 23:52:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008-04-20 23:54:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008-06-03 20:46:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008-06-03 20:47:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008-06-03 20:48:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008-11-08 09:06:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008-11-08 11:50:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009-01-18 21:42:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008-04-06 19:39:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008-04-20 23:52:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008-04-20 23:54:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008-06-03 20:46:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008-06-03 20:47:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008-06-03 20:48:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008-11-08 09:06:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008-11-08 11:50:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009-01-18 21:42:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008-01-23 14:15:50 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 20:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-03-28 12:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007-04-09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008-07-06 18:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008-02-19 06:58:22 | 000,199,600 | ---- | M] () -- C:\WINDOWS\MINI98.scr
[2010-04-17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008-02-21 09:46:40 | 000,000,457 | ---- | M] () -- C:\Program Files\INSTALL.LOG
[2008-02-28 06:53:11 | 000,000,000 | ---- | M] () -- C:\Program Files\temp01

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008-01-23 06:01:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008-01-23 06:01:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008-01-23 06:01:02 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.līk /x >
[2008-08-17 19:06:50 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2012-04-24 19:57:41 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\HP Solution Center.lnk
[2008-08-17 19:06:50 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2008-01-23 14:16:14 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2008-05-01 01:00:13 | 000,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012-05-06 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-05 00:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-06 22:25:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-11 16:25:33

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007-06-13 19:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007-06-13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007-07-27 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE-02121B1A.PF >
[2012-05-05 17:18:50 | 000,105,710 | ---- | M] () MD5=3D2B2DE79E5872919077284577D41F91 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.SCF >
[2007-07-27 20:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: EXPLORER.ZIP >
[2006-03-06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.CHM >
[2009-02-21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2007-07-27 20:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2006-09-02 00:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.CHW >
[2010-11-08 18:18:36 | 000,153,185 | ---- | M] () MD5=F7E49469C37E8928CA836595E11C89B5 -- C:\WINDOWS\Help\iexplore.chw

< MD5 for: IEXPLORE.EXE >
[2008-12-19 13:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2008-10-15 14:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2008-12-19 13:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008-04-22 16:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[2008-08-23 13:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2008-04-22 15:40:18 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
[2007-12-06 19:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
[2008-02-29 16:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
[2008-04-14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2007-10-10 16:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2007-10-10 16:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\iexplore.exe
[2008-06-23 17:20:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=64E376A47763DAEABCDA14BD5B6EA286 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2008-02-22 17:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[2007-12-06 16:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2008-10-15 15:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2009-02-28 12:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie8\iexplore.exe
[2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2009-02-28 12:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2008-06-23 16:23:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=C52A9EF571E91535EB78DB4B8B95EA07 -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[2007-08-14 10:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2007-07-27 20:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2008-08-23 13:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007-10-10 18:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
[2007-10-10 18:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\iexplore.exe

< MD5 for: IEXPLORE.EXE.EXP.LOG >
[2011-05-08 15:11:44 | 000,386,821 | ---- | M] () MD5=3E026E1FD84AA528C0E36886E1658F04 -- C:\Program Files\Internet Explorer\iexplore.exe.exp.log

< MD5 for: IEXPLORE.EXE.EXP.LOG.OLD >
[2010-03-22 19:49:59 | 001,051,657 | ---- | M] () MD5=958C2A29A7DAB076FAD641C4E721E8FB -- C:\Program Files\Internet Explorer\iexplore.exe.exp.log.old

< MD5 for: IEXPLORE.EXE.MUI >
[2009-03-08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009-03-08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2007-08-14 10:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE_129498214790156250.EXH >
[2011-05-14 12:38:02 | 000,000,554 | ---- | M] () MD5=A8402148B0B62303E5FA917784FAA771 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129498214790156250.exh

< MD5 for: IEXPLORE.EXE_129498214790156250_F.DMP >
[2011-05-14 12:38:02 | 017,301,386 | ---- | M] () MD5=7BAAE5CAF445E8D55E8A8216DEAC1384 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129498214790156250_F.dmp

< MD5 for: IEXPLORE.EXE_129498214790156250_M.DMP >
[2011-05-14 12:38:00 | 006,714,678 | ---- | M] () MD5=72D57DCFACA6CC444669E7918A2156A1 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129498214790156250_M.dmp

< MD5 for: IEXPLORE.EXE_129499203848750000.EXH >
[2011-05-15 16:06:52 | 000,000,569 | ---- | M] () MD5=2C1B991D3F2E85B62C22BE336AC4171A -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129499203848750000.exh

< MD5 for: IEXPLORE.EXE_129499203848750000_F.DMP >
[2011-05-15 16:06:42 | 213,879,461 | ---- | M] () MD5=67C583CE1BA01C5F001B48D7C7671010 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129499203848750000_F.dmp

< MD5 for: IEXPLORE.EXE_129499203848750000_M.DMP >
[2011-05-15 16:06:27 | 005,162,113 | ---- | M] () MD5=34715B3539C1E79DB5F104986072E248 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129499203848750000_M.dmp

< MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
[2012-05-06 22:19:20 | 000,085,118 | ---- | M] () MD5=76418E43AF012686A61B6FCD09F6CABC -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf

< MD5 for: IEXPLORE.HLP >
[2007-07-27 20:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EXE >
[2007-07-27 20:00:00 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=051A52001D625F316CE81A539BD25192 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINLOGON.EXE.20080206-055927-00.HDMP >
[2008-02-06 13:59:29 | 003,499,992 | ---- | M] () MD5=CD8778DB4F3D620E6FE77775C20A92E9 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20080206-055927-00.hdmp

< MD5 for: WINLOGON.EXE.20080720-030935-00.HDMP >
[2008-07-20 11:09:39 | 000,032,638 | ---- | M] () MD5=4715AFF3EFD69074CBEA07675A058D48 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20080720-030935-00.hdmp

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB49800$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 287 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0030B7B
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0EC31
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03777453
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A3DB99
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7D7891
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D76DB8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:633B85CE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFBB419A

< End of report >

JonDou
2012-05-07, 10:55
And this is the

Extras.txt log

OTL Extras logfile created on: 07-May-2012 3:15:40 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 89.45% Memory free
5.33 Gb Paging File | 5.23 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 41.14 Gb Free Space | 27.58% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 14.77 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS
Drive J: | 951.62 Mb Total Space | 946.52 Mb Free Space | 99.46% Space Free | Partition Type: FAT32

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"25999:TCP" = 25999:TCP:*:Disabled:cs.xfire.com
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"585:TCP" = 585:TCP:*:Enabled:outlook send
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" = C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt -- (VoipStunt)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui
"C:\Program Files\SEGA\Medieval II Total War\medieval2.exe" = C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Disabled:Medieval 2: Total War
"C:\DOCUME~1\Goran\LOCALS~1\Temp\Rar$EX00.125\Call of Duty 4 -- Chams & Aimbot.exe" = C:\DOCUME~1\Goran\LOCALS~1\Temp\Rar$EX00.125\Call of Duty 4 -- Chams & Aimbot.exe:*:Enabled:Microsot Windows Explorer
"C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe" = C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-Trial-enUS-Installer-downloader2.exe" = C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-Trial-enUS-Installer-downloader2.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\winup.exe" = C:\WINDOWS\system32\winup.exe:*:Disabled:winup
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe" = C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe:*:Disabled:sof3
"C:\Documents and Settings\Goran\Local Settings\Temp\Blizzard Launcher Temporary - a84d1928\Launcher.exe" = C:\Documents and Settings\Goran\Local Settings\Temp\Blizzard Launcher Temporary - a84d1928\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Goran\Application Data\IMVUClient\IMVUClient.exe" = C:\Documents and Settings\Goran\Application Data\IMVUClient\IMVUClient.exe:*:Enabled:IMVUClient
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\Goran\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\Goran\Application Data\IMVUClient\1VivoxVoice.exe:*:Disabled:1VivoxVoice
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Disabled:Camfrog Video Chat -- (Camshare Inc.)
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Disabled:ICQ
"C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Chams & aimbot\Call of Duty 4 -- Chams & Aimbot.exe" = C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Chams & aimbot\Call of Duty 4 -- Chams & Aimbot.exe:*:Disabled:Microsot Windows Explorer
"C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Call of Duty 4 -- Chams & Aimbot.exe" = C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Call of Duty 4 -- Chams & Aimbot.exe:*:Disabled:Microsot Windows Explorer
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Xfire\xfire_exception.exe" = C:\Program Files\Xfire\xfire_exception.exe:*:Disabled:xfire_exception -- (Xfire Inc.)
"C:\Program Files\The All-Seeing Eye\eye.exe" = C:\Program Files\The All-Seeing Eye\eye.exe:*:Disabled:Yahoo! All-Seeing Eye
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Disabled:Curse Client
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe" = C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2727-enUS-tools-downloader
"C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2730-enUS-tools-downloader
"C:\Program Files\World of Warcraft\wow-4.2.1.2736-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2736-enUS-tools-downloader.exe -- (Blizzard Entertainment)
"C:\Documents and Settings\Goran\Local Settings\Apps\2.0\NNZXODTC.Z36\L0EJW5YD.ZPE\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe" = C:\Documents and Settings\Goran\Local Settings\Apps\2.0\NNZXODTC.Z36\L0EJW5YD.ZPE\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Documents and Settings\Goran\Local Settings\Temp\7zS19F7\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Goran\Local Settings\Temp\7zS19F7\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003190C4-888F-834C-0780-601D304C9C32}" = CCC Help Spanish
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0813B2A4-85CF-491C-3C69-52463DCC4F4D}" = CCC Help Chinese Standard
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0CC4615C-7BA6-F3A1-FA76-A2AF370AC670}" = CCC Help Russian
"{0DE46A13-D4CB-BAD4-98FB-5262DDE76CE8}" = CCC Help Korean
"{0FC61FCF-0FAA-E9EE-7BD6-A75CAA0C3388}" = CCC Help Czech
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12D9D635-2C58-8B60-C44B-C09DD307F4DC}" = CCC Help Chinese Traditional
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20535ABD-7D5E-472E-9077-6AF48480DD82}" = ASUS GameOSD Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26405090-4A02-41C5-B7CB-EBD624BCB424}" = CCC Help French
"{2668AB7A-6937-107C-166E-31B230235B7B}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{298FC7A4-44AF-411D-BB17-C8516C20849B}" = GSC
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{309E994A-1FE1-4198-036E-A01A02213E25}" = CCC Help Hungarian
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34E30A1C-E978-332B-9B94-520621C4E13E}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3956B09E-C5AD-43A6-A889-F37F89BF47E1}" = Pilici
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AA83D48-8658-1526-EC55-25514D46ACCD}" = ccc-core-static
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FD595B1-0A6E-2A69-C199-71E3B65A1910}" = CCC Help Danish
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65455A2D-1671-E83B-F15D-D0C887F9D608}" = ATI Catalyst Install Manager
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7724F361-5E45-4649-E104-07183CC0E349}" = ATI Problem Report Wizard
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D5F535B-C5DC-47A9-8392-D757F7B600AC}" = CCC Help Greek
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EA4D12F-1571-4998-9BD1-D20C4A767D24}" = ASUS Utilities
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FAD04E8-1D32-22CC-701E-01E2A94015C3}" = CCC Help English
"{8FB3B66F-5A82-9ACB-0560-17C761A8A68B}" = CCC Help Dutch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{971D71F5-CA24-52B1-811E-CB7CA0502CCE}" = CCC Help Portuguese
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A488DCE3-1391-0843-531A-86246DEBE98C}" = ccc-utility
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC874BBA-8B7A-ABB3-5878-BB8CD05F2852}" = CCC Help Thai
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBCC790B-FC18-B612-C8C1-851BEE493D55}" = CCC Help Italian
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEA2FF8E-50A3-4C6D-955E-5632C881753F}" = NetComm NB6 Series ADSL2+ Router USB Driver
"{C07751B7-AAF1-ABA4-2BCF-0C5D3D932D19}" = CCC Help Norwegian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam Software
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D21D0CE6-F81A-F051-93FA-F0D8925C87D8}" = Catalyst Control Center Localization All
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2C4175D-CE60-AA59-0BEF-8B454A789C95}" = CCC Help Japanese
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB3E8237-FD20-C42C-9D93-9D6ADE03850C}" = ATI AVIVO Codecs
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3837B-9DE3-4D2F-07A8-A85D765F38ED}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F584B87B-4249-1331-345B-3C219F00C60B}" = CCC Help Swedish
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD26A504-690A-7631-104B-AA6917B9D207}" = CCC Help Finnish
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE5CD0C9-5A17-99C3-0B93-A820C3109049}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD766D4-F724-1FD9-20CA-D3E6EDA5A663}" = CCC Help Turkish
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"ALLPlayer_is1" = ALLPlayer V4.X
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Camfrog 6.0" = Camfrog Video Chat 6.0
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"Christmas and New Year Frames Pack" = Christmas and New Year Frames Pack
"Crystal Player" = Crystal Player Professional 1.97
"CSCLIB" = Canon Camera Support Core Library
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"FormatFactory" = FormatFactory 2.70
"GameTracker Lite" = GameTracker Lite
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{298FC7A4-44AF-411D-BB17-C8516C20849B}" = GSC
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D1B7EF59-A3E2-452A-882E-076E1A18D94A}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Singleplayer Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"Kid-Key-Lock_is1" = Kid-Key-Lock 1.7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 2.6.30 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Photo Pos Pro" = Photo Pos Pro
"Photo Pos Pro Classic Frames Pack" = Photo Pos Pro Classic Frames Pack
"Photo Pos Pro Collage Templates Pack" = Photo Pos Pro Collage Templates Pack
"PhotoposComTbr" = Photopos Toolbar (Remove Toolbar Only)
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Totalcmd" = Total Commander (Remove or Repair)
"Turbo Pizza_is1" = Turbo Pizza
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"VoipStunt_is1" = VoipStunt
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR arhivar
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"Xilisoft DVD Ripper Platinum 5" = Xilisoft DVD Ripper Platinum 5
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZD Soft Game Recorder" = ZD Soft Game Recorder
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02-May-2012 11:03:05 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 02-May-2012 11:03:27 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 02-May-2012 11:03:42 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 03-May-2012 11:09:08 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:53:40 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:55:07 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:59:02 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:59:42 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 2:00:10 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 5:16:02 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

[ OSession Events ]
Error - 16-May-2011 10:27:39 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:28:08 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:28:38 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:29:01 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18-May-2011 9:39:28 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 187
seconds with 120 seconds of active time. This session ended with a crash.

Error - 09-Sep-2011 6:01:49 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol
Driver service which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The SilverLink service terminated with the following error: %%126

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD asuskbnt Avgldx86 Avgmfx86 Avgtdix EIO Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
Tcpip6

Error - 07-May-2012 3:13:05 AM | Computer Name = MAKIGOKI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

JonDou
2012-05-07, 11:04
Note:
I must tell you that I've had my Safe Mode on without the networking, so I couldn't update Avast's database.

here is attached MBR.zip and

aswMBR.txt


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-07 15:30:44
-----------------------------
15:30:44.203 OS Version: Windows 5.1.2600 Service Pack 3
15:30:44.203 Number of processors: 2 586 0xF0B
15:30:44.203 ComputerName: MAKIGOKI UserName: Goran
15:30:46.093 Initialize success
15:34:33.171 AVAST engine download error: 0
15:35:05.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:35:05.781 Disk 0 Vendor: WDC_WD3200AAJS-65RYA0 12.01B01 Size: 305245MB BusType: 3
15:35:05.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port4Path0Target1Lun0
15:35:05.796 Disk 1 Vendor: ST380215 Size: 76318MB BusType: 1
15:35:05.812 Disk 0 MBR read successfully
15:35:05.828 Disk 0 MBR scan
15:35:05.828 Disk 0 unknown MBR code
15:35:05.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152703 MB offset 63
15:35:05.843 Disk 0 Partition - 00 0F Extended LBA 152539 MB offset 312737355
15:35:05.875 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 137172 MB offset 312737418
15:35:05.875 Disk 0 Partition - 00 05 Extended 15366 MB offset 593666010
15:35:05.906 Disk 0 Partition 3 00 BC BOOTWIZ0 15366 MB offset 593666073
15:35:05.921 Disk 0 scanning sectors +625137345
15:35:06.015 Disk 0 scanning C:\WINDOWS\system32\drivers
15:35:19.328 Service scanning
15:35:50.656 Service PciCon E:\PciCon.sys **LOCKED** 21
15:35:54.640 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:36:00.265 Modules scanning
15:36:08.812 Disk 0 trace - called modules:
15:36:08.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprr.sys >>UNKNOWN [0x8b574938]<<
15:36:08.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b448030]
15:36:09.062 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000085[0x8b4f69e8]
15:36:09.171 5 ACPI.sys[b7e6a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b454940]
15:36:09.250 Scan finished successfully
15:36:51.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Goran\Desktop\MBR.dat"
15:36:51.671 The log file has been saved successfully to "C:\Documents and Settings\Goran\Desktop\aswMBR.txt"


Thanks again :bigthumb:

JonDou
2012-05-07, 11:10
:oops: sry... forgot to attach the zip file :)... here it is

oldman960
2012-05-07, 11:10
Hi JonDou,

That's ok. You can run Deffogger in Safe Mode but I'd like you to try to run Combofix in normal windows. If it won't run please boot to Safe Mode with Networking and run it from there.

Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Please read through the instructions to familarize youself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download


Please download ComboFix from Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)or Link 2 (http://www.infospyware.net/antimalware/combofix/) to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files".

During the download, before you save it to your desktop, rename Combofix to jgh.exe


It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix



-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Double click on ComboFix.exe (jgh.exe in your case) & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.[/b]

Please post back with
combofix log
How is the computer?

Thanks

JonDou
2012-05-07, 16:48
Hey oldman960 :bigthumb: and thanks again :)

How are you today? I hope You are not loosing patience with me and my problem :).
I've run DeFogger in the Safe Mode and it has finished with no problems... however I couldn't manage to get the PC to run in normal windows mode, 'cause it freezes after just a minute of reboot.
I did disable spybot's TeaTimer and Resident (in that minute time :) ), but I didn't see any startup entry for TeaTimer.
When I tried to disable AVG, computer freezed on me. In Safe Mode when I clicked the AVG shortcut in order to disable it, it showed the "Command line Composer" window, where it's written: "You can use AVG 2012 Anti-Virus command line scanner only in Windows Safe Mode." It doesn't open AVG User Interface window, so i don't have an option to disable it.
As for Windows defender, I don't see it anywhere. Not in C>Program files nor in Ad/Remove programs.

I'm afraid if I run the Combofix scan in normal windows it will freez when PC freezes. I have downloaded Combofix.exe to the desktop in Safe Mode and renamed it before the download to jgh.exe and now it's waiting for me to double click it, but I don't know what should I do with AVG? Do I run the scan in Safe Mode then?

oldman960
2012-05-07, 17:54
Hi JonDou,

Ok run combofix in Safe Mode with Networking. Don't worry about AVG or any other Security program as they won't be running in safe mode. If combofix reboots your computer be sure to boot back into Safe Mode.

JonDou
2012-05-08, 16:54
Hi oldman960 :bigthumb:
I just ran the combofix (jgh.exe) in Safe Mode with Networking and the window pop up before it even started scanning, saying:

"Combofix has detected the following real time scanner(s) to be active:

antivirus: AVG Anti-Virus Free Edition 2012

Antivirus and intrusion prevention programs are known to interfere with Combofix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'."

Now, do I uninstall AVG, 'cause... as I said when I run AVG it only opens Command line Composer?

Thanks again for this. I realy appreciate your help :)

oldman960
2012-05-08, 17:53
Hi JonDou,

Ignore the warning and run combofix, you should be all right. Remember to boot back to Safe Mode if combofix reboots the computer.

JonDou
2012-05-08, 18:22
Hi oldman960,
When asked to install or update recovery console I clicked yes, but now the window pop up saying:

"You do not appear to be connected to the internet. Kindly connect before clicking 'OK'"

... but I am able to open google page, just did it :). Do I click OK anyway?

oldman960
2012-05-08, 18:34
Hi JonDou,

Go ahead we can get the Recovery Console later.

JonDou
2012-05-08, 19:21
Hi oldman960 :bigthumb:
ComboFix has installed recovery console from microsoft site I beleive, after all, but encountered a problem (or maybe not :) - I dont know). It showed that the computer is infected with root Zero.activity or something - the window quickly disappeared and a new one came up saying:

"Combofix has detected the presence of rootkit activity and needs to reboot the machine"

I did select the SafeMode with networking again, but before it rebooted, Combofix started to scan for infected files again.

It has finished now... the log follows :)

Thanks :)

JonDou
2012-05-08, 19:22
I'm still in SafeMode with networking :)

The log:

ComboFix 12-05-07.01 - Goran 8-May-2012 23:49:56.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3235 [GMT 8:00]
Running from: c:\documents and settings\Goran\Desktop\jgh.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ISx186.tmp
c:\documents and settings\All Users\Application Data\ISxE1.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\Goran\Application Data\.#
c:\documents and settings\Goran\Application Data\Bitrix Security
c:\documents and settings\Goran\Application Data\Bitrix Security\cet.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\exlyu
c:\documents and settings\Goran\Application Data\Bitrix Security\lrtg.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\mlkee_shrd
c:\documents and settings\Goran\Application Data\Bitrix Security\mxd1.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\rgx.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\rjg.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\vhrejy1_shrd
c:\documents and settings\Goran\Application Data\PriceGong
c:\documents and settings\Goran\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Goran\Local Settings\Application Data\._Revolution_
c:\documents and settings\Goran\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Goran\WINDOWS
c:\program files\INSTALL.LOG
c:\program files\USS
c:\program files\USS\unins001.dat
c:\windows\$NtUninstallKB49800$\2424199615
c:\windows\$NtUninstallKB49800$\621078412\@
c:\windows\$NtUninstallKB49800$\621078412\cfg.ini
c:\windows\$NtUninstallKB49800$\621078412\Desktop.ini
c:\windows\$NtUninstallKB49800$\621078412\L\ttikqnog
c:\windows\$NtUninstallKB49800$\621078412\oemid
c:\windows\$NtUninstallKB49800$\621078412\U\00000001.@
c:\windows\$NtUninstallKB49800$\621078412\U\00000002.@
c:\windows\$NtUninstallKB49800$\621078412\U\00000004.@
c:\windows\$NtUninstallKB49800$\621078412\U\80000000.@
c:\windows\$NtUninstallKB49800$\621078412\U\80000004.@
c:\windows\$NtUninstallKB49800$\621078412\U\80000032.@
c:\windows\$NtUninstallKB49800$\621078412\version
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ATKGFNEXSrv.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\avupdsvc.dll
c:\windows\system32\awvaibcm.ini
c:\windows\system32\bobhpylm.dllbox
c:\windows\system32\btserial.dll
c:\windows\system32\c.bat
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2f1bba660ec1a795.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\8d0102213517da5c.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c48e17773e3d550b.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d3b26b120a4d3579.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\enwkuruc.ini
c:\windows\system32\hxyrdorl.ini
c:\windows\system32\jhiptdjc.ini
c:\windows\system32\kfehbjfu.ini
c:\windows\system32\lxda_device.dll
c:\windows\system32\Machnm32.dll
c:\windows\system32\MtxDma0.dll
c:\windows\system32\Ncrc710.dll
c:\windows\system32\parallel.dll
c:\windows\system32\pdlnshay.dll
c:\windows\system32\ROB_A.dll
c:\windows\system32\SE2Dmdm.dll
c:\windows\system32\sjwecigx.dllbox
c:\windows\system32\tcpip6.dll
c:\windows\system32\wdmaud.dll
c:\windows\system32\websensecamreportserver.dll
c:\windows\system32\ydkbfemh.ini
c:\windows\system32\z800mdfl.dll
c:\windows\system32\ZDPNDIS5.dll
c:\windows\$NtUninstallKB49800$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\nv4_mini.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_GVCplDrv
-------\Service_GVCplDrv
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 15:43 . 2010-07-09 21:38 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-04 16:18 . 2012-05-04 16:19 -------- d-----w- c:\program files\ERUNT
2012-05-04 15:02 . 2012-05-04 15:02 -------- d-----w- c:\program files\Common Files\Java
2012-05-04 15:01 . 2012-05-04 15:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 15:01 . 2012-05-04 15:01 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-30 03:14 . 2012-04-30 03:18 -------- d-----w- c:\documents and settings\Goran\Application Data\ooVoo Details
2012-04-30 03:13 . 2012-04-30 03:13 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\APN
2012-04-29 16:13 . 2012-04-29 16:13 118318 ----a-w- c:\windows\Photo Pos Pro Collage Templates Pack Uninstaller.exe
2012-04-29 16:09 . 2012-04-29 16:11 -------- d-----w- c:\documents and settings\Goran\Application Data\Photopos
2012-04-29 16:09 . 2012-04-29 16:09 -------- d-----w- c:\program files\PhotoposComTbr
2012-04-24 11:57 . 2012-04-24 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2012-04-24 11:57 . 2012-04-24 11:57 -------- d-----w- c:\program files\Hewlett-Packard
2012-04-22 10:18 . 2012-04-22 10:18 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 15:01 . 2011-05-31 12:43 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-29 07:12 . 2012-03-31 05:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-29 07:12 . 2011-06-09 14:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 07:56 . 2010-11-29 14:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2007-07-27 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-07-27 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 13:02 . 2008-04-07 09:54 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-15 13:02 . 2009-04-04 03:20 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-15 13:02 . 2008-04-07 09:54 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-15 12:51 . 2008-04-07 09:54 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-14 12:47 . 2008-04-07 09:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-14 12:20 . 2010-11-29 15:33 682280 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-01 12:06 . 2011-05-12 12:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 12:07 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-02 262144]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-15 2536448]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5546376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\Goran\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-5-15 951]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
HP Digital Imaging Monitor.lnk.disabled [2008-3-12 1812]
Kodak EasyShare software.lnk.disabled [2011-9-10 1841]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-15 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Uniblue SpeedUpMyPC"=
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" delay 20000
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" "sleep"
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"PeerBlock"=c:\program files\PeerBlock\peerblock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Alcmtr"=ALCMTR.EXE
"36X Raid Configurer"=c:\windows\system32\xRaidSetup.exe boot
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTHDCPL"=RTHDCPL.EXE
"Svchost1"=c:\windows\Temp\SecurityHackers1.exe
"Svchost2"=c:\windows\Temp\SecurityHackers2.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe"
"<NO NAME>"=
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"LogitechVideo[inspector]"=c:\program files\Logitech\Video\InstallHelper.exe /inspect
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"McAfee Backup"=c:\program files\McAfee\MBK\McAfeeDataBackup.exe
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey
"McENUI"=c:\progra~1\McAfee\MHN\McENUI.exe /hide
"MBkLogOnHook"=c:\program files\McAfee\MBK\LogOnHook.exe
"GameFace Messenger"=c:\program files\GameFace Messenger\GameFace.exe
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Xfire\\xfire_exception.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\wow-4.2.1.2736-enUS-tools-downloader.exe"=
"c:\\Documents and Settings\\Goran\\Local Settings\\Apps\\2.0\\NNZXODTC.Z36\\L0EJW5YD.ZPE\\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25999:TCP"= 25999:TCP:*:Disabled:cs.xfire.com
"6112:TCP"= 6112:TCP:Blizzard Downloader
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"585:TCP"= 585:TCP:outlook send
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-Sep-2010 4:27 PM 23120]
R0 AvgRkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07-Sep-2010 3:48 AM 32592]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [26-Apr-2011 4:09 PM 752128]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07-Sep-2010 3:49 AM 295248]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [30-Jun-2010 1:48 AM 116608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-Sep-2010 3:48 AM 230608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [18-Feb-2010 2:25 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11-May-2010 2:41 AM 67664]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [26-Apr-2011 4:09 PM 3246040]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-Oct-2011 6:25 AM 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02-Aug-2011 6:09 AM 192776]
S2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [10-Nov-2011 7:49 AM 1677072]
S2 gupdate1c9891f144d5a58;Google Update Service (gupdate1c9891f144d5a58);c:\program files\Google\Update\GoogleUpdate.exe [07-Feb-2009 8:24 PM 133104]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10-May-2011 8:30 PM 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29-Feb-2012 8:50 AM 158856]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-Apr-2011 8:21 PM 92592]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [12-Mar-2012 8:07 PM 918880]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31-Mar-2012 1:41 PM 253088]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [26-Apr-2011 4:09 PM 167968]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [13-Feb-2012 6:57 PM 101904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-Aug-2010 9:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-Aug-2010 9:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-Aug-2010 9:42 PM 16720]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [03-Sep-2009 11:41 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [03-Sep-2009 11:41 PM 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07-Feb-2009 8:24 PM 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14-Jan-2008 6:06 PM 21632]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [27-Jul-2007 8:00 PM 14336]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [18-Jan-2010 7:53 AM 19056]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [18-May-2011 10:34 PM 25088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17-Jul-2008 10:01 PM 716272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
cfosspeeds
s716bus
ASMMAP
MpFilter
toddsrv
licensemanagersocket
cccredmgr
utilman
icepack
W2acehid
adsservice
nv4
CdaD10BA
nvstor32
imountsrv
passthru
PTproct
dlaudfam
rchost
XAudio
NWDHCP
ScFBPNT3
lvsrvlauncher
lxrjd31s
FireTDI
amusbprt
DumaNT
SED133x
picturetaker
dmprimer
CA561
BTSLBCSP
BUFADPT
scsk4
WIBUKEY
procexp111
iteatapi
avupdsvc
winpppoverethernet
websensedcagent
ARCSOFTVIRTUALCAPTURE
se59nd5
avg7updsvc
ifp800
bdrsdrv
pivotmou
vcommmgr
tbhsd
ZY202_XP
wm
R300
giveio
websensecpmcommunicationagent
oraclewebassistant
oracleoradb10g_home1isql*plus
dm1service
dot4ufd
PCTINDIS5
keriomailserver
zenos1
tpkmpsvc
mcods
AmdIde
yukonwlh
dlaifs_m
NxSysMon
nvrd64
btfirst
usbser
se58mgmt
L1e
slservice
HPFECP20
ghoststartservice
k750mgmt
avidstartup
se2End5
HSFHWALI
SetupSys
db2ntsecserver
omniusbl
msgame
s3savagemx
IBM_LLC2
MXOFX
bwmservice
openldap-slapd
alcxwdm
smcirda
A4S2600
ramaint
crauto
ARPolicy
ifxspmgtsrv
dbmang
websenseclientdeployservice
Alpham1
bdpredir
OEM02Vfx
3comtftp
amdk7
aaksrv
atimpab
wg5n
webcompserver
mi-raysat_3dsmax8
BsHelpCS
iPassP
ar5211
NWFILTER
Si3114r5
L6POD
mhndrv
fsRamDsk
oracleorahomemanagementserver
btnhnd
serialkeys
susbser
pivot
blueletscoaudio
GV600_4
pdlndldl
GVCplDrv
TOSHIBASoftModem
cwcspud
vaiomediaplatform-integratedserver-appserver
cics.region2
cmpci
2wirepcp
V0080Dev
DCamUSBSQTECH
zntport
TMHIDSRV
bdfsfltr
mpfirewl
efs
webrootadminconsole
WmiAcpi
smrt
patrolagent
USIUDF
ifxtcs
CcmExec
mcpromgr
sfdrv01
rt2870
megamonitorsrv
dirms_defragmentation
slave
adiloader
lxcgcustomerconnect
s125bus
yats32
smartwiservice
wg3n
maxbackserviceint
PSI_SVC_2
ino_fltr
pdfcreatormessages
eliservice
ssmdrv
nwrdr
mstdfrgs
SWNC8U20
rp_fws
DcPTP
PAC7302
ssscsisv
webdriveservice
thpsrv
acs
avsvcmonitor
Memctl
wandrv
tandpl
bjmcmng
pnarp
MRV6X32P
VRADFIL
ixiaendpoint
delldmi
WNCPKT
mssql$sony_mediamgr
mps9
ipssvc
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:12]
.
2012-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:57]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 12:24]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 12:24]
.
2010-04-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
2012-05-07 c:\windows\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 20:31]
.
2009-04-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 14:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
Trusted Zone: windowslivehelp.com\www
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{511131f1-4629-4254-a85f-ed7b6d75dd3c} - (no file)
BHO-{17313704-4A6F-4A90-B799-9A0ECD442850} - (no file)
BHO-{21893045-FD23-4839-8079-751626C13BD9} - (no file)
BHO-{e5deed4b-f298-4211-a480-2a963cf87dc5} - (no file)
BHO-{F08F5390-B47D-4517-AA17-1BCC9ED22183} - (no file)
BHO-{F3730A1F-B98C-4188-96FD-DAF6A9FDAC3A} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 00:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{488B7D68-9D12-06B4-21B5-4586810284C2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-05-09 00:17:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-08 16:17
.
Pre-Run: 43,004,141,568 bytes free
Post-Run: 45,255,487,488 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 07191058DC4731874389895B8D41BA1B

JonDou
2012-05-08, 19:28
Hi oldman960 :bigthumb:

I'll call it a night, if thats OK with You :). It's 00:30 here... cya tmrw :).
Have a nice day/evening :)

oldman960
2012-05-09, 02:34
Hi JonDou,

How's the computer?

You should be able to boot to Normal windows to run this fix.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE



File::
c:\windows\Temp\SecurityHackers1.exe
c:\windows\Temp\SecurityHackers2.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=-
"netsvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,43,72,79,70,74,53,76,\
63,00,44,4D,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,\
76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,72,53,77,69,74,\
63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,00,48,69,64,53,\
65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,\
6D,61,6E,53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,\
74,69,6F,6E,00,4D,65,73,73,65,6E,67,65,72,00,4E,65,74,6D,61,6E,00,4E,\
6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,\
6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,00,52,61,73,61,75,74,6F,00,52,\
61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,63,63,65,73,73,00,53,63,68,65,\
64,75,6C,65,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,72,\
65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,\
73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,32,54,69,\
6D,65,00,57,5A,43,53,56,43,00,57,6D,69,00,57,6D,64,6D,50,6D,53,70,00,77,\
69,6E,6D,67,6D,74,00,77,73,63,73,76,63,00,78,6D,6C,70,72,6F,76,00,6E,\
61,70,61,67,65,6E,74,00,68,6B,6D,73,76,63,00,42,49,54,53,00,77,75,61,\
75,73,65,72,76,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,69,6F,6E,00,68,\
65,6C,70,73,76,63,00,57,6D,64,6D,50,6D,53,4E,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Svchost1"=-
"Svchost2"=-

Driver::
cfosspeeds
s716bus
ASMMAP
MpFilter
toddsrv
licensemanagersocket
cccredmgr
utilman
icepack
W2acehid
adsservice
nv4
CdaD10BA
nvstor32
imountsrv
passthru
PTproct
dlaudfam
rchost
XAudio
NWDHCP
ScFBPNT3
lvsrvlauncher
lxrjd31s
FireTDI
amusbprt
DumaNT
SED133x
picturetaker
dmprimer
CA561
BTSLBCSP
BUFADPT
scsk4
WIBUKEY
procexp111
iteatapi
avupdsvc
winpppoverethernet
websensedcagent
ARCSOFTVIRTUALCAPTURE
se59nd5
avg7updsvc
ifp800
bdrsdrv
pivotmou
vcommmgr
tbhsd
ZY202_XP
wm
R300
giveio
websensecpmcommunicationagent
oraclewebassistant
oracleoradb10g_home1isql*plus
dm1service
dot4ufd
PCTINDIS5
keriomailserver
zenos1
tpkmpsvc
mcods
AmdIde
yukonwlh
dlaifs_m
NxSysMon
nvrd64
btfirst
usbser
se58mgmt
L1e
slservice
HPFECP20
ghoststartservice
k750mgmt
avidstartup
se2End5
HSFHWALI
SetupSys
db2ntsecserver
omniusbl
msgame
s3savagemx
IBM_LLC2
atimpab
wg5n
webcompserver
mi-raysat_3dsmax8
BsHelpCS
iPassP
ar5211
NWFILTER
Si3114r5
L6POD
mhndrv
fsRamDsk
oracleorahomemanagementserver
btnhndl
serialkeys
susbser
pivot
blueletscoaudio
GV600_4
pdlndldl
GVCplDrv
TOSHIBASoftModem
cwcspud
vaiomediaplatform-integratedserver-appserver
cics.region2
cmpci
2wirepcp
V0080Dev
DCamUSBSQTECH
zntport
TMHIDSRV
bdfsfltr
mpfirewl
efs
webrootadminconsole
WmiAcpi
smrt
patrolagent
USIUDF
ifxtcs
CcmExecl
mcpromgr
sfdrv01
rt2870
megamonitorsrv
dirms_defragmentation
slave
adiloader
lxcgcustomerconnect
s125bus
yats32
smartwiservice
wg3n
maxbackserviceint
PSI_SVC_2
ino_fltr
pdfcreatormessages
eliservice
ssmdrv
mstdfrgs
SWNC8U20
rp_fws
DcPTP
PAC7302
ssscsisv
webdriveservice
thpsrv
acs
avsvcmonitor
Memctl
wandrv
tandpl
bjmcmng
pnarp
MRV6X32P
VRADFIL
ixiaendpoint
delldmi
WNCPKT
mssql$sony_mediamgr
mps9
ipssvc


In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

JonDou
2012-05-09, 15:33
Hi oldman960 :bigthumb:

The computer is filling better now :). It didn't freez when rebooted in normal mode

I did all as You requested... ComboFix detected rootkit activity:

"You are infected with Rootkit.ZeroAccess! It has inserted itself into the tep/ip stack. This is a particularly difficult infection."... etc.

It rebooted and started scanning again, but when it completed all the stages and started deleting files it has stuck at

Deleting files:

H:\Autorun.inf

What do I do next :)? Please help

oldman960
2012-05-09, 17:53
Hi JonDou,

If there isn't the slightest bit of hard drive activity, reboot the computer and run combofix again.

JonDou
2012-05-10, 13:45
Hi oldman960 :bigthumb:
I may have done it wrong. I have restarted computer and let it run through out the night, cause it seemed it has been stuck at the same point, but in the morning the log-in screen was waiting for me like it has finished the scan and rebooted. The thing is... after yesterday's reboot (when CF was stuck), I didn't start the CF again by draging the CFscript.txt onto the ComboFix.exe icon. I have just double clicked it :red:. Was that OK, or do You want me to do it again, but this time with draging the CFscript.txt ?
And another thing... I can't find the log from the last scan. I checked it in C:

Thanks again and sry if I made a mistake here.

oldman960
2012-05-10, 18:36
Hi JonDou,

Just run combofix again by double clicking. Please post the log that is produced.

JonDou
2012-05-11, 16:28
Hi oldman960 :bigthumb:
It's been 4 hours since I double clicked CF to do the scan and it is stuck at the same position as before:

http://i39.photobucket.com/albums/e151/Gorltar/CFstuck.jpg

I ran it last night again and it didn't produce any log. The same login window was on screen when I woke up. I did another scan when I came back from work and that one is still running (4hours so far and it didn't move from H:\Autorun.inf). I don't know what to do :sad:
If it matters, hard drive H: I beleive is an external hard drive, which I can disconnect if you want me to.

Thanks for staying with my problem oldman960 :bigthumb:

oldman960
2012-05-11, 18:03
Hi

Let's try it this way. Reboot the computer, disconnect the external drive.

After the computer restarts give it a bit to see if combofix will finish. If it doesn't, locate combofix.exe which you've renamed, right click it and click delete.

Download a new copy and try it again by double clicking it.

JonDou
2012-05-12, 02:40
Hi oldman960 :bigthumb:
I've done the thing You've asked and the same thing happened there, just this time it has finished stage 50 and that was it. It didn't start deleting the files like before. I left it running for 3 hours and it didn't move from that stage, so I went to bad. In the morning, a windows login window was there and no log report in C: :sad:
Am I doing something wrong here?
On top of that... I can't get rid off "HPProductAssistance" popup window that keeps poping up :buried:.
http://i39.photobucket.com/albums/e151/Gorltar/HPAssistance.jpg
and when I click cancel:
http://i39.photobucket.com/albums/e151/Gorltar/HPAssistance2.jpg
then after OK it starts installing it again and repeats the proces all over again with the same pics ??!! :)
http://i39.photobucket.com/albums/e151/Gorltar/HPAssistance3.jpg

You said at the beginning not to install any program without your knoledge or instructions. Shall I find that disc and give it a go or just uninstall that crap :)? And yeah... what to do next with my problem :scratch:
Thanks oldman960 for your answers... I really appreciate it :bigthumb:

JonDou
2012-05-12, 13:34
I DID IT :yahoo:
Finaly ... I thought I could try CF scan one more time so I deleted the icon and downloaded the fresh one (again :) )like you sugested it and ComboFix has finished it with the log report at the end :). It reported this as well, just before it restarted computer:

http://i39.photobucket.com/albums/e151/Gorltar/file.jpg

The log follows :).

JonDou
2012-05-12, 13:35
Here is the log ComboFix.txt:



ComboFix 12-05-12.01 - Goran 2-May-2012 16:49:39.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2907 [GMT 8:00]
Running from: c:\documents and settings\Goran\Desktop\jgh.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_2WIREPCP
-------\Legacy_AMDIDE
-------\Legacy_AR5211
-------\Legacy_ARCSOFTVIRTUALCAPTURE
-------\Legacy_ASMMAP
-------\Legacy_ATIMPAB
-------\Legacy_AVG7UPDSVC
-------\Legacy_AVIDSTARTUP
-------\Legacy_BDFSFLTR
-------\Legacy_BDRSDRV
-------\Legacy_BLUELETSCOAUDIO
-------\Legacy_BSHELPCS
-------\Legacy_BTFIRST
-------\Legacy_CCCREDMGR
-------\Legacy_CFOSSPEEDS
-------\Legacy_CICS.REGION2
-------\Legacy_CMPCI
-------\Legacy_CWCSPUD
-------\Legacy_DB2NTSECSERVER
-------\Legacy_DCAMUSBSQTECH
-------\Legacy_DELLDMI
-------\Legacy_DLAIFS_M
-------\Legacy_DM1SERVICE
-------\Legacy_DOT4UFD
-------\Legacy_FSRAMDSK
-------\Legacy_GHOSTSTARTSERVICE
-------\Legacy_GIVEIO
-------\Legacy_GV600_4
-------\Legacy_HPFECP20
-------\Legacy_HSFHWALI
-------\Legacy_IBM_LLC2
-------\Legacy_IFP800
-------\Legacy_IFXTCS
-------\Legacy_IPASSP
-------\Legacy_IPSSVC
-------\Legacy_IXIAENDPOINT
-------\Legacy_K750MGMT
-------\Legacy_KERIOMAILSERVER
-------\Legacy_L1E
-------\Legacy_L6POD
-------\Legacy_LICENSEMANAGERSOCKET
-------\Legacy_MAXBACKSERVICEINT
-------\Legacy_MCODS
-------\Legacy_MCPROMGR
-------\Legacy_MHNDRV
-------\Legacy_MI-RAYSAT_3DSMAX8
-------\Legacy_MPFILTER
-------\Legacy_MPFIREWL
-------\Legacy_MPS9
-------\Legacy_MSGAME
-------\Legacy_MSSQL$SONY_MEDIAMGR
-------\Legacy_NVRD64
-------\Legacy_NWFILTER
-------\Legacy_NXSYSMON
-------\Legacy_OMNIUSBL
-------\Legacy_ORACLEORADB10G_HOME1ISQL*PLUS
-------\Legacy_ORACLEORAHOMEMANAGEMENTSERVER
-------\Legacy_ORACLEWEBASSISTANT
-------\Legacy_PCTINDIS5
-------\Legacy_PDLNDLDL
-------\Legacy_PIVOT
-------\Legacy_RT2870
-------\Legacy_S3SAVAGEMX
-------\Legacy_S716BUS
-------\Legacy_SE2END5
-------\Legacy_SE58MGMT
-------\Legacy_SE59ND5
-------\Legacy_SERIALKEYS
-------\Legacy_SETUPSYS
-------\Legacy_SFDRV01
-------\Legacy_SI3114R5
-------\Legacy_SLSERVICE
-------\Legacy_SUSBSER
-------\Legacy_TMHIDSRV
-------\Legacy_TODDSRV
-------\Legacy_TOSHIBASOFTMODEM
-------\Legacy_TPKMPSVC
-------\Legacy_USBSER
-------\Legacy_USIUDF
-------\Legacy_UTILMAN
-------\Legacy_V0080DEV
-------\Legacy_VAIOMEDIAPLATFORM-INTEGRATEDSERVER-APPSERVER
-------\Legacy_VRADFIL
-------\Legacy_WEBCOMPSERVER
-------\Legacy_WEBSENSECPMCOMMUNICATIONAGENT
-------\Legacy_WG5N
-------\Legacy_WNCPKT
-------\Legacy_YUKONWLH
-------\Legacy_ZENOS1
-------\Legacy_ZNTPORT
-------\Service_2wirepcp
-------\Service_AmdIde
-------\Service_ar5211
-------\Service_ARCSOFTVIRTUALCAPTURE
-------\Service_ASMMAP
-------\Service_atimpab
-------\Service_avg7updsvc
-------\Service_avidstartup
-------\Service_bdfsfltr
-------\Service_bdrsdrv
-------\Service_blueletscoaudio
-------\Service_BsHelpCS
-------\Service_btfirst
-------\Service_cccredmgr
-------\Service_cfosspeeds
-------\Service_cics.region2
-------\Service_cmpci
-------\Service_cwcspud
-------\Service_db2ntsecserver
-------\Service_DCamUSBSQTECH
-------\Service_delldmi
-------\Service_dlaifs_m
-------\Service_dm1service
-------\Service_dot4ufd
-------\Service_fsRamDsk
-------\Service_ghoststartservice
-------\Service_giveio
-------\Service_GV600_4
-------\Service_HPFECP20
-------\Service_HSFHWALI
-------\Service_IBM_LLC2
-------\Service_ifp800
-------\Service_ifxtcs
-------\Service_iPassP
-------\Service_ipssvc
-------\Service_ixiaendpoint
-------\Service_k750mgmt
-------\Service_keriomailserver
-------\Service_L1e
-------\Service_L6POD
-------\Service_licensemanagersocket
-------\Service_maxbackserviceint
-------\Service_mcods
-------\Service_mcpromgr
-------\Service_mhndrv
-------\Service_mi-raysat_3dsmax8
-------\Service_MpFilter
-------\Service_mpfirewl
-------\Service_mps9
-------\Service_msgame
-------\Service_mssql$sony_mediamgr
-------\Service_nvrd64
-------\Service_NWFILTER
-------\Service_NxSysMon
-------\Service_omniusbl
-------\Service_oracleoradb10g_home1isql*plus
-------\Service_oracleorahomemanagementserver
-------\Service_oraclewebassistant
-------\Service_PCTINDIS5
-------\Service_pdlndldl
-------\Service_pivot
-------\Service_rt2870
-------\Service_s3savagemx
-------\Service_s716bus
-------\Service_se2End5
-------\Service_se58mgmt
-------\Service_se59nd5
-------\Service_serialkeys
-------\Service_SetupSys
-------\Service_sfdrv01
-------\Service_Si3114r5
-------\Service_slservice
-------\Service_susbser
-------\Service_TMHIDSRV
-------\Service_toddsrv
-------\Service_TOSHIBASoftModem
-------\Service_tpkmpsvc
-------\Service_usbser
-------\Service_USIUDF
-------\Service_utilman
-------\Service_V0080Dev
-------\Service_vaiomediaplatform-integratedserver-appserver
-------\Service_VRADFIL
-------\Service_webcompserver
-------\Service_websensecpmcommunicationagent
-------\Service_wg5n
-------\Service_WNCPKT
-------\Service_yukonwlh
-------\Service_zenos1
-------\Service_zntport
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-08 15:43 . 2010-07-09 21:38 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-04 16:18 . 2012-05-04 16:19 -------- d-----w- c:\program files\ERUNT
2012-05-04 15:02 . 2012-05-04 15:02 -------- d-----w- c:\program files\Common Files\Java
2012-05-04 15:01 . 2012-05-04 15:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 15:01 . 2012-05-04 15:01 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-30 03:14 . 2012-04-30 03:18 -------- d-----w- c:\documents and settings\Goran\Application Data\ooVoo Details
2012-04-30 03:13 . 2012-04-30 03:13 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\APN
2012-04-29 16:13 . 2012-04-29 16:13 118318 ----a-w- c:\windows\Photo Pos Pro Collage Templates Pack Uninstaller.exe
2012-04-29 16:09 . 2012-04-29 16:11 -------- d-----w- c:\documents and settings\Goran\Application Data\Photopos
2012-04-29 16:09 . 2012-04-29 16:09 -------- d-----w- c:\program files\PhotoposComTbr
2012-04-24 11:57 . 2012-04-24 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2012-04-24 11:57 . 2012-04-24 11:57 -------- d-----w- c:\program files\Hewlett-Packard
2012-04-22 10:18 . 2012-04-22 10:18 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 15:01 . 2011-05-31 12:43 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-29 07:12 . 2012-03-31 05:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-29 07:12 . 2011-06-09 14:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 07:56 . 2010-11-29 14:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2007-07-27 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-07-27 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 13:02 . 2008-04-07 09:54 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-15 13:02 . 2009-04-04 03:20 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-15 13:02 . 2008-04-07 09:54 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-15 12:51 . 2008-04-07 09:54 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-14 12:47 . 2008-04-07 09:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-14 12:20 . 2010-11-29 15:33 682280 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-01 12:06 . 2011-05-12 12:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 12:07 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-02 262144]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-15 2536448]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5546376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\Goran\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-5-15 951]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
HP Digital Imaging Monitor.lnk.disabled [2008-3-12 1812]
Kodak EasyShare software.lnk.disabled [2011-9-10 1841]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-15 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Uniblue SpeedUpMyPC"=
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" delay 20000
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" "sleep"
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"PeerBlock"=c:\program files\PeerBlock\peerblock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Alcmtr"=ALCMTR.EXE
"36X Raid Configurer"=c:\windows\system32\xRaidSetup.exe boot
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTHDCPL"=RTHDCPL.EXE
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe"
"<NO NAME>"=
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"LogitechVideo[inspector]"=c:\program files\Logitech\Video\InstallHelper.exe /inspect
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"McAfee Backup"=c:\program files\McAfee\MBK\McAfeeDataBackup.exe
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey
"McENUI"=c:\progra~1\McAfee\MHN\McENUI.exe /hide
"MBkLogOnHook"=c:\program files\McAfee\MBK\LogOnHook.exe
"GameFace Messenger"=c:\program files\GameFace Messenger\GameFace.exe
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Xfire\\xfire_exception.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\wow-4.2.1.2736-enUS-tools-downloader.exe"=
"c:\\Documents and Settings\\Goran\\Local Settings\\Apps\\2.0\\NNZXODTC.Z36\\L0EJW5YD.ZPE\\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25999:TCP"= 25999:TCP:*:Disabled:cs.xfire.com
"6112:TCP"= 6112:TCP:Blizzard Downloader
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"585:TCP"= 585:TCP:outlook send
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-Sep-2010 4:27 PM 23120]
R0 AvgRkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07-Sep-2010 3:48 AM 32592]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [26-Apr-2011 4:09 PM 752128]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-Sep-2010 3:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07-Sep-2010 3:49 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [18-Feb-2010 2:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11-May-2010 2:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [30-Jun-2010 1:48 AM 116608]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [26-Apr-2011 4:09 PM 3246040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-Oct-2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02-Aug-2011 6:09 AM 192776]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [10-Nov-2011 7:49 AM 1677072]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-Apr-2011 8:21 PM 92592]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [12-Mar-2012 8:07 PM 918880]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [26-Apr-2011 4:09 PM 167968]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [13-Feb-2012 6:57 PM 101904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-Aug-2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-Aug-2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-Aug-2010 9:42 PM 16720]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 gupdate1c9891f144d5a58;Google Update Service (gupdate1c9891f144d5a58);c:\program files\Google\Update\GoogleUpdate.exe [07-Feb-2009 8:24 PM 133104]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10-May-2011 8:30 PM 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29-Feb-2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31-Mar-2012 1:41 PM 253088]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [03-Sep-2009 11:41 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [03-Sep-2009 11:41 PM 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07-Feb-2009 8:24 PM 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14-Jan-2008 6:06 PM 21632]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [27-Jul-2007 8:00 PM 14336]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [18-Jan-2010 7:53 AM 19056]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [18-May-2011 10:34 PM 25088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17-Jul-2008 10:01 PM 716272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:12]
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:57]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 12:24]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 12:24]
.
2010-04-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
2012-05-12 c:\windows\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 20:31]
.
2009-04-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 14:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
Trusted Zone: windowslivehelp.com\www
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 17:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{488B7D68-9D12-06B4-21B5-4586810284C2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(6152)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-05-12 17:58:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 09:58
ComboFix2.txt 2012-05-08 16:17
.
Pre-Run: 46,176,477,184 bytes free
Post-Run: 46,182,801,408 bytes free
.
- - End Of File - - 361ABA1800A736E86A76AF979BFD482E


Thank You oldman960 :bigthumb:

oldman960
2012-05-12, 16:49
Hi JonDou,

Good job. :bigthumb:

How's the computer?

uTorrent
You have uTorrent, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. It's not the program itself that is the problem but what can be downloaded with it usually from an unknown source.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx (http://www.microsoft.com/windows/ie/community/columns/protection.mspx)

http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm (http://www.internetworldstats.com/articles/art053.htm)

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove this programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.



You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please post back with
MBAM log

JonDou
2012-05-13, 04:51
Hi oldman960 :bigthumb:

Thanks for the links You gave me. I have gone through them and found very useful stuff. I will implement some of them :). I scaned a comp with MBAM today and

"The scan completed succesfully. No malicious items were detected."

Here is the log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.12.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Goran :: OWNER [administrator]

13-May-2012 9:15:06 AM
mbam-log-2012-05-13 (09-15-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257798
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I forgot to tell You... I don't experiance freezes any more with my computer, but You have probably figure it out by now :).
No more "HPProductAssistant" window poping out olso :).

Thanks again oldman960 :bigthumb:

oldman960
2012-05-13, 07:50
Hi JonDou,

So far so good,

One more scan to check our handiwork.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scannner from
ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.




After the ESET scan please rerun OTL. Open the program and click the Quick Scan button. Please post the OTL.txt that is produced.

Please post back with
ESET log if there was one
OTL.txt
Everything still ok?

JonDou
2012-05-13, 13:00
Hi oldman960 :bigthumb:
I wanted to delete the old OTL.txt log from my desktop when I saw defogger_disable.log there. I remembered that you said something about it earlier and found this:

"IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop."

Because I didn't receive any error message (or I didn't see it at least) I wasn't expecting a log. Now that I found it, here it is: I'm sry if it turns out to be important one :slap:

defogger_disable log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:02 on 07/05/2012 (Goran)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


I'll run the scans now...

JonDou
2012-05-13, 15:17
Hi oldman960 :bigthumb:

OK... I did the scans and the logs follow. Quite a few infections were found :(.
Just wanted to tell You that in AVG's identity protection allowed list, is a
C:\WINDOWS\SYSTEM32\REGSVR32.EXE and the date allowed is 29.08.2011.
Should that be there?

ESETScan log:

C:\Qoobox\Quarantine\C\WINDOWS\system32\ATKGFNEXSrv.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\avupdsvc.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\awvaibcm.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\btserial.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\enwkuruc.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\hxyrdorl.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\jhiptdjc.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\kfehbjfu.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\lxda_device.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Machnm32.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\MtxDma0.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ncrc710.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\parallel.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pdlnshay.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ROB_A.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\SE2Dmdm.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tcpip6.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wdmaud.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\websensecamreportserver.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ydkbfemh.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\z800mdfl.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ZDPNDIS5.dll.vir Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0242588.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0242617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0243617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0244617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0245617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246652.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246692.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246792.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1313\A0246849.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0247685.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0247827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248836.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248837.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248843.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248844.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248845.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248846.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248847.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0249827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0250827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0251827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0252827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0253829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0254829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0254838.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0254839.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0255829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0256829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0257829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0258829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0259829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0260829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0261837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0262837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0263837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0264837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0265837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0265849.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0265926.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0266926.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0266936.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0267926.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0267934.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1324\A0269280.dll Win32/Sirefef.DA trojan
D:\My Documents\marina\portfolio\vectors\picture\SweetImSetup.exe a variant of Win32/SweetIM.B application
D:\My Documents\programi\gamebooster.exe a variant of Win32/Toolbar.Widgi application
D:\My Documents\programi\PhotoPosPro\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application
D:\My Documents\programi\Uniblue\spyeraser.exe probably a variant of Win32/UbSpyEraser application
D:\My Documents\programi 2\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application


Thanks oldman960 :bigthumb:

JonDou
2012-05-13, 15:22
I did enable all antivirus and antispyware programs.

Have to break OTL.txt in two parts.

First part:

OTL Scan log

OTL logfile created on: 13-May-2012 7:52:04 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 76.66% Memory free
5.34 Gb Paging File | 4.56 Gb Available in Paging File | 85.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 42.22 Gb Free Space | 28.31% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 14.78 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Goran\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()
MOD - C:\Program Files\GSC\CtxMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MXOFX) -- %systemroot%\system32\WinVd32.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (CcmExec) -- %systemroot%\system32\w200mgmt.dll File not found
SRV - (btnhnd) -- %systemroot%\system32\SECYPUSB.dll File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (aaksrv) -- %systemroot%\system32\RTL8169.dll File not found
SRV - (3comtftp) -- %systemroot%\system32\vmount2.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GS In-Game Service) -- C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (KMService) -- C:\WINDOWS\system32\srvany.exe ()

JonDou
2012-05-13, 15:22
Second part:

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (SpyEmrg) -- System32\Drivers\spyemrg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PciCon) -- E:\PciCon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\jgh\catchme.sys File not found
DRV - (1802E) -- globalroot\C:\WINDOWS\system32\drivers\1802E.sys File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgRkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\WINDOWS\system32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1455F202-242E-4872-9700-182595B04230}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKCU\..\SearchScopes\{7400AA93-E276-4810-886F-5F5A9DDC3FD6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNWQ_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={60F607CC-7962-4103-A140-A4612667239E}&mid=44fe0b7a735675b2c18c7d77bd9a4579-0ea5e905f1d14e46bc4439e0ddc6c448b29e541b&lang=en&ds=AVG&pr=fr&d=2011-10-26 19:36:50&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-10-26 13:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-02-01 18:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012-03-12 20:07:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-02 19:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-04 23:01:11 | 000,000,000 | ---D | M]

[2010-10-02 00:30:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions
[2011-08-27 20:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009-12-23 13:11:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012-05-04 23:04:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions
[2011-11-06 08:18:06 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-10-28 18:20:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-30 00:09:10 | 000,000,000 | ---D | M] (PhotoPos Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
[2012-05-03 22:12:19 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-08-17 21:37:03 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\aol-web-search.xml
[2011-02-01 19:05:08 | 000,002,333 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\askcom.xml
[2008-03-16 09:00:27 | 000,002,386 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\siteadvisor.xml
[2011-02-19 19:31:14 | 000,001,244 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\winamp-search.xml
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-22 18:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-05-31 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011-12-01 20:06:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-07-12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-03-12 20:07:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011-12-01 20:06:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012-05-12 17:51:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O9 - Extra 'Tools' menuitem : &Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: windowslivehelp.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-02-18 21:07:08 | 000,000,600 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-05-13 19:47:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-05-13 18:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-05-12 16:26:46 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Goran\Desktop\jgh.exe
[2012-05-09 00:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-05-08 23:40:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-08 23:16:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-05-08 23:16:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-05-08 23:16:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-05-08 23:16:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-05-08 21:40:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-06 22:37:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:37:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-05 00:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012-05-05 00:17:27 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-04 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-05-02 20:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012-05-02 20:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012-04-30 11:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2012-04-30 11:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Local Settings\Application Data\APN
[2012-04-30 00:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2012-04-30 00:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoposComTbr
[2012-04-24 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012-04-24 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012-04-22 18:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012-04-22 18:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-05-15 13:47:37 | 540,639,232 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Goran\Application Data\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-13 19:53:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2012-05-13 19:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-13 19:46:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-05-13 17:43:26 | 098,041,082 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-05-13 17:40:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-13 03:25:11 | 001,686,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-13 03:04:57 | 000,472,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-05-13 03:04:57 | 000,090,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-05-13 03:01:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-05-12 17:51:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-05-12 16:26:46 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Goran\Desktop\jgh.exe
[2012-05-12 13:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-12 06:27:12 | 000,001,663 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012-05-10 23:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-05-10 22:42:38 | 000,026,134 | -H-- | M] () -- C:\treeinfo.wc
[2012-05-08 23:42:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-05-08 23:40:20 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012-05-08 21:37:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-07 20:02:35 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Goran\defogger_reenable
[2012-05-07 18:38:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Defogger.exe
[2012-05-07 15:38:41 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\MBR.zip
[2012-05-07 15:36:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\MBR.dat
[2012-05-06 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:25:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-05 17:30:22 | 000,008,960 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 00:19:18 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-05-05 00:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-03 21:20:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012-05-02 19:08:53 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120503-001603.backup
[2012-05-01 23:15:52 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Pilici.lnk
[2012-05-01 22:59:00 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WORLD OF WARCRAFT.LNK
[2012-05-01 16:59:54 | 000,387,826 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012-04-30 00:13:03 | 000,118,318 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-24 20:04:20 | 000,141,123 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2012-04-24 19:59:13 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-04-22 20:43:24 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\Goran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-10 22:42:38 | 000,026,134 | -H-- | C] () -- C:\treeinfo.wc
[2012-05-08 23:40:20 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012-05-08 23:40:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-05-08 23:16:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-05-08 23:16:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-05-08 23:16:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-05-08 23:16:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-05-08 23:16:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-05-07 20:02:10 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Goran\defogger_reenable
[2012-05-07 19:59:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\Defogger.exe
[2012-05-07 15:38:41 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\MBR.zip
[2012-05-07 15:36:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\MBR.dat
[2012-05-05 17:30:22 | 000,008,960 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 00:19:18 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-04-30 00:13:03 | 000,118,318 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-25 08:04:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012-04-24 19:59:13 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-02-13 18:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-02-03 17:29:56 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011-08-21 16:36:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011-07-23 09:02:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2011-06-25 16:44:12 | 000,090,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-06-19 15:18:10 | 000,140,564 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2011-06-19 15:18:10 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2011-05-15 16:42:16 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\Comma Separated Values (Windows).ADR
[2011-05-10 20:30:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2011-05-07 13:09:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\$_hpcst$.hpc
[2011-04-12 02:36:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436r
[2011-04-12 02:36:42 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436
[2011-04-11 11:59:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011-04-11 11:59:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011-04-06 12:09:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-06 11:19:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011-02-25 21:04:10 | 000,119,630 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Classic Frames Pack Uninstaller.exe
[2011-02-25 21:04:03 | 000,119,394 | ---- | C] () -- C:\WINDOWS\Christmas and New Year Frames Pack Uninstaller.exe
[2011-02-23 22:15:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011-02-23 22:15:03 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011-02-23 22:13:45 | 000,210,628 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2011-01-26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011-01-26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011-01-07 12:36:51 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-12-17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-11-29 23:33:44 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-07-10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2011-05-07 09:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011-02-17 14:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008-04-02 13:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2012-03-12 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011-05-15 23:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012-05-06 22:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010-10-28 17:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008-02-28 09:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2010-10-28 18:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008-02-04 05:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011-01-29 15:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011-02-04 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2009-03-14 18:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011-05-17 21:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2008-02-09 07:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2010-02-05 15:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2008-04-07 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008-04-08 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008-04-15 11:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008-02-09 07:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011-05-12 23:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010-10-15 17:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008-04-15 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2011-01-07 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010-11-19 11:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008-03-27 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009-03-08 12:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008-03-31 09:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93
[2012-05-13 17:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012-02-18 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008-02-08 16:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008-06-16 19:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoCollageMax
[2010-01-29 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2008-04-14 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008-04-03 13:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008-02-04 05:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010-05-06 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011-09-11 19:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011-08-27 20:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010-07-05 21:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010-04-13 12:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008-12-30 09:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2008-02-18 12:32:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\.BitTornado
[2011-04-27 22:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\9EB8F174-10C4-4BF3-9A55-36818C9AF17C
[2008-04-17 17:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acreon
[2009-09-02 21:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acronis
[2011-05-31 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AUSkey
[2011-10-26 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG Secure Search
[2011-10-26 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG2012
[2008-03-21 21:09:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BitTorrent
[2008-03-23 13:38:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BSplayer
[2011-06-25 15:42:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Camfrog
[2008-05-30 19:32:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Canon
[2011-03-08 18:47:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ElevatedDiagnostics
[2011-05-17 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\EmailNotifier
[2008-02-09 02:58:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Gamelab
[2012-02-14 22:53:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GameTracker
[2011-09-06 23:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Garmin
[2010-05-17 19:03:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GetRightToGo
[2008-04-15 20:15:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GSC
[2008-02-21 09:46:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ICQ
[2008-02-27 09:51:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\iWinArcade
[2008-04-03 14:11:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Jane s Hotel Family Hero
[2008-01-29 07:40:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Leadertech
[2011-02-01 16:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ManyCam
[2008-03-30 19:32:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Meridian93
[2008-06-16 21:04:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Nokia
[2008-02-08 16:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Oberon Games
[2012-04-30 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2009-02-26 15:09:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoCollageMax
[2012-04-30 00:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2011-05-17 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoposComtb
[2008-04-14 10:49:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PlayFirst
[2009-02-21 16:10:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Safer Networking
[2009-03-08 10:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Simply Super Software
[2011-09-11 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Skinux
[2008-02-27 08:40:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\SpinTop
[2011-05-27 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TeamViewer
[2008-05-25 14:11:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TERMINAL Studio
[2008-03-17 00:16:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TheScruffs
[2011-08-27 20:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TomTom
[2008-04-09 19:00:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Ulead Systems
[2012-05-04 23:06:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Uniblue
[2012-04-10 22:23:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\uTorrent
[2009-12-23 13:25:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Vivox
[2012-04-22 15:19:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\VoipStunt
[2011-08-13 08:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Windows Live Writer
[2010-04-16 03:00:49 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2012-05-13 19:53:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2009-04-23 00:35:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >


Thanks oldman960 :bigthumb:

oldman960
2012-05-13, 18:29
Hi JonDou,

The detections are files we have all ready quarantined or are old System Restore points. These will be removed when the tools are removed.


C:\WINDOWS\SYSTEM32\REGSVR32.EXE
Yes that is a legitamate file and location.


D:\My Documents\marina\portfolio\vectors\picture\SweetImSetup.exe a variant of Win32/SweetIM.B application
D:\My Documents\programi\gamebooster.exe a variant of Win32/Toolbar.Widgi application
D:\My Documents\programi\PhotoPosPro\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application
D:\My Documents\programi\Uniblue\spyeraser.exe probably a variant of Win32/UbSpyEraser application
D:\My Documents\programi 2\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application

These are warning of potentialy unwanted programs (PUP) or the fact that the setup files contain a PUP.

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :



:Reg

:Services
CcmExec
MXOFX
btnhnd
aaksrv
3comtftp

:Files
C:\windows\system32\WinVd32.dll
C:\windows\system32\w200mgmt.dll
C:\windows\system32\SECYPUSB.dll
C:\windows\system32\RTL8169.dll
C:\windows\system32\vmount2.dll

:Commands
[emptytemp]
[createrestorepoint]


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the fix OTL log.

JonDou
2012-05-14, 08:58
Hi oldman960 :bigthumb:
Computer is doing fine so far :bow: with full antivirus and antispyware software running :).
I did a fix and here is the log file:

All processes killed
========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
Service CcmExec stopped successfully!
Service CcmExec deleted successfully!
Service MXOFX stopped successfully!
Service MXOFX deleted successfully!
Service btnhnd stopped successfully!
Service btnhnd deleted successfully!
Service aaksrv stopped successfully!
Service aaksrv deleted successfully!
Service 3comtftp stopped successfully!
Service 3comtftp deleted successfully!
========== FILES ==========
File\Folder C:\windows\system32\WinVd32.dll not found.
File\Folder C:\windows\system32\w200mgmt.dll not found.
File\Folder C:\windows\system32\SECYPUSB.dll not found.
File\Folder C:\windows\system32\RTL8169.dll not found.
File\Folder C:\windows\system32\vmount2.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 373795 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes

User: Goran
->Temp folder emptied: 933934 bytes
->Temporary Internet Files folder emptied: 25645899 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 37941165 bytes
->Google Chrome cache emptied: 62476616 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2656 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 15076 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 20265 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 29536882 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152659 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20105630 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 208728 bytes

Total Files Cleaned = 169.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.42.2 log created on 05142012_134515

Files\Folders moved on Reboot...
C:\Documents and Settings\Goran\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF3519.tmp not found!
File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF3524.tmp not found!
File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF3563.tmp not found!
File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF356E.tmp not found!
C:\Documents and Settings\Goran\Local Settings\Temp\~DFF800.tmp moved successfully.
C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\Content.IE5\QPYPYKEU\showthread[2].htm moved successfully.
C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\Content.IE5\MSC9O6JR\favicon[5].ico moved successfully.
C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\Content.IE5\1IDUYTRX\topbuttons[2].xml moved successfully.
C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

I hope everything is fine now. Thank You again for helping me :).

oldman960
2012-05-15, 00:17
Hi JonDou,

You are welcome.

It looks like you are good to go.

When you clean up the tools keep Defogger we will use it shortly.

From your desktop, please delete, if present
any notepads/logs that we created
DDS.scr
aswMBR.exe
MBR.zip
MBR.dat



Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK

Combofix /uninstall

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM, keep it updated and use it regularly.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear Click the Re-enable button to re-enable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Add a firewall to what you have.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL (http://www.bleepingcomputer.com/forums/tutorial60.html) for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)



You can use Spybot to install a Custom Hosts file.

1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
2-Right-click an item in the list of immunizations and click "Deselect All."
3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
4-Click "Immunize" on the Spybot toolbar.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (http://forums.whatthetech.com/redirect.php?url=http%3A%2F%2Fv5.windowsupdate.microsoft.com%2F)(using Internet Explorer) and download and install all critical updates on a regular basis

- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, ates to your chosen optionClick your start button > Control Panel > System > Automatic Updates tab.

- Keep your antivirus program updated, as well as any other security programs you have.

-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)

Please post back if you have any problems or questions.

Take care

JonDou
2012-05-15, 18:26
:2thumb: hi oldman960 :bigthumb:
:bow::bow::bow:
You guys are amazing. I can't thank You enough oldman960 for cleaning my computer :thanks:. It looked so easy looking at your posts and instructions, but I was so scared :). Thank You so much mate.

I've got a minor issue now. When I ran OTL to do the clean up, it deleted(cleaned) the defogger as well :). Now I don't know how to enable Emulation drivers. Is there an option inside the program that I'm using (Alcohol 120%) or should I download a new one and then ... hmm, I dont know :)?

Would it be rude if I ask You a questions? When I open windows explorer and from that window I open disc C: or any other folder, windows explorer stops working (incountered a problem and needs to close) and then the whole desktop refreshes and windows explorer becomes functional again. Can You help me with that or at least if You could tell me where to post that thread, in which subforum?

Thanks again for fixing it oldman960 :)

oldman960
2012-05-16, 18:30
Hi JonDou,

We can re-enable your Cd emulator drivers but first let's see if we can see what's going on with explorer.

After the desktop refreshes are the problems still present?

We'll have a look with OTL after a reboot. Once you reboot the computer do not do anything or open any programs other than OTL.

First download OTL from HERE (http://oldtimer.geekstogo.com/OTL.exe) and save it to your desktop.

Next

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the all of the text in the code box below into the Notepad, (including the URL). Do Not copy the word CODE


/md5start
explorer.*
dll
zx.dll
hlp.dat
/md5stop

In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "scan.txt"
Click save


You may want to print out the rest of the instructions so you have them handy.

Reboot the computer.


Double click inside the Custom Scan box at the bottom
A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
Click the OK button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

JonDou
2012-05-16, 18:45
Hi oldman960 :bigthumb:
Thanks for following :)
When the desktop refreshes everything goes back to normal until I open explorer ( My computer\C: ). I can open My documents folder through the desktop shortcut and browse wherever I wont, but if I navigate to My computer and then main(C): it stops working again.
Thanks... I'll do what You asked now.

JonDou
2012-05-16, 19:10
Hi oldman960 :bigthumb:

the log is too long :)
OTL.Txt log, PART 1

OTL logfile created on: 16-May-2012 11:56:45 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 71.99% Memory free
5.34 Gb Paging File | 4.47 Gb Available in Paging File | 83.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 51.14 Gb Free Space | 34.29% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 17.24 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-05-16 23:45:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
PRC - [2012-04-30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012-04-19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012-03-12 20:07:50 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012-03-12 20:07:49 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-02-14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011-11-10 07:49:24 | 001,677,072 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files\GameTracker\GSInGameService.exe
PRC - [2011-08-18 21:47:31 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011-04-27 22:26:00 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011-04-22 20:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011-02-01 19:53:32 | 000,390,720 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011-02-01 19:53:26 | 000,804,528 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011-02-01 19:52:40 | 005,546,376 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010-11-16 03:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-07-21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-29 00:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-01-31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006-09-29 10:01:06 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2005-12-10 07:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005-12-10 07:32:18 | 000,225,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005-12-08 02:26:30 | 000,489,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\CameraAssistant.exe
PRC - [2004-11-02 09:22:22 | 000,262,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\ElkCtrl.exe
PRC - [2004-02-26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-13 03:10:33 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012-05-13 03:10:30 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
MOD - [2012-05-13 03:10:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012-05-13 03:10:11 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012-05-13 03:06:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012-05-13 03:06:32 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012-05-13 03:06:23 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012-05-13 03:05:31 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012-05-13 03:05:22 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012-03-12 20:07:50 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012-03-12 20:07:49 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-09-27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010-12-21 19:16:42 | 000,498,760 | ---- | M] () -- C:\Program Files\ManyCam\Bin\cximagecrt.dll
MOD - [2010-11-25 21:41:00 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010-03-16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2008-04-14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008-04-14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2012-04-30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-04-29 15:12:26 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-03-12 20:07:50 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-11-10 07:49:24 | 001,677,072 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- C:\Program Files\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2011-08-18 21:47:31 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011-04-27 22:26:00 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011-04-22 20:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011-02-01 19:53:26 | 000,804,528 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010-09-01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009-10-27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-07-21 16:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008-04-14 05:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008-02-15 02:53:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007-05-29 00:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007-01-31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006-09-29 10:01:06 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005-12-10 07:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2004-02-26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003-04-18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\spyemrg.sys -- (SpyEmrg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Unavailable | Unknown] -- globalroot\C:\WINDOWS\system32\drivers\1802E.sys -- (1802E)
DRV - [2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-03-19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-02-22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-01-31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011-12-23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-12-23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011-12-23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011-12-23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011-08-15 11:53:55 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011-08-15 11:53:54 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011-08-01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2011-04-27 22:26:03 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2011-04-27 22:25:56 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011-04-27 22:25:55 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011-04-27 22:25:48 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011-03-30 19:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011-01-26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-11-17 20:03:56 | 000,101,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2010-11-12 13:40:12 | 000,273,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010-11-06 22:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010-06-02 12:31:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010-04-15 16:01:00 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2010-02-11 20:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-04-22 14:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009-04-22 14:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009-02-21 17:54:34 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-08-17 14:23:17 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008-08-06 17:12:10 | 004,755,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-07-17 22:01:38 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008-04-14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-01-14 18:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007-07-20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007-07-13 02:03:42 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007-07-13 02:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2007-06-13 23:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007-05-03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007-01-30 09:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006-10-31 15:55:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2006-09-29 10:06:26 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2005-12-10 07:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005-12-10 07:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-12-10 07:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2005-12-06 11:30:19 | 000,916,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005-12-06 11:27:04 | 000,007,136 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005-12-06 11:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1455F202-242E-4872-9700-182595B04230}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKCU\..\SearchScopes\{7400AA93-E276-4810-886F-5F5A9DDC3FD6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNWQ_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={60F607CC-7962-4103-A140-A4612667239E}&mid=44fe0b7a735675b2c18c7d77bd9a4579-0ea5e905f1d14e46bc4439e0ddc6c448b29e541b&lang=en&ds=AVG&pr=fr&d=2011-10-26 19:36:50&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-10-26 13:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-05-16 15:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012-03-12 20:07:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012-05-16 15:17:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-02 19:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-04 23:01:11 | 000,000,000 | ---D | M]

[2010-10-02 00:30:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions
[2011-08-27 20:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009-12-23 13:11:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012-05-04 23:04:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions
[2011-11-06 08:18:06 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-10-28 18:20:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-30 00:09:10 | 000,000,000 | ---D | M] (PhotoPos Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
[2012-05-03 22:12:19 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-08-17 21:37:03 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\aol-web-search.xml
[2011-02-01 19:05:08 | 000,002,333 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\askcom.xml
[2008-03-16 09:00:27 | 000,002,386 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\siteadvisor.xml
[2011-02-19 19:31:14 | 000,001,244 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\winamp-search.xml
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-22 18:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-05-31 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012-03-12 20:07:56 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.2.0.3
[2011-12-01 20:06:56 | 000,010,043 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\GORAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IO5UAGFW.DEFAULT\EXTENSIONS\IPLEXTOALL@ALLPLAYER.ORG.XPI
[2012-05-16 15:18:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012-05-04 23:01:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-12-01 20:06:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-07-12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-03-12 20:07:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011-12-01 20:06:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012-05-15 23:29:40 | 000,442,053 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15215 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
O2 - BHO: (no name) - {17313704-4A6F-4A90-B799-9A0ECD442850} - No CLSID value found.
O2 - BHO: (no name) - {21893045-FD23-4839-8079-751626C13BD9} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (no name) - {e5deed4b-f298-4211-a480-2a963cf87dc5} - No CLSID value found.
O2 - BHO: (no name) - {F08F5390-B47D-4517-AA17-1BCC9ED22183} - No CLSID value found.
O2 - BHO: (no name) - {F3730A1F-B98C-4188-96FD-DAF6A9FDAC3A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O9 - Extra 'Tools' menuitem : &Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: windowslivehelp.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-02-18 21:07:08 | 000,000,600 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-05-16 23:45:52 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-16 16:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
[2012-05-16 16:13:43 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012-05-16 16:13:27 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2012-05-16 16:13:27 | 000,045,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dc3d.sys
[2012-05-16 16:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012-05-16 15:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012-05-13 19:47:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-05-13 18:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-05-09 00:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-05-08 23:40:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-05 00:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012-05-04 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-05-04 23:01:11 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-05-04 23:01:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-05-04 23:01:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-05-04 23:01:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-05-04 23:01:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-05-02 20:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012-05-02 20:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012-04-30 11:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2012-04-30 11:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Local Settings\Application Data\APN
[2012-04-30 00:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2012-04-30 00:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoposComTbr
[2012-04-24 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012-04-24 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012-04-22 18:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012-04-22 18:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012-04-19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2011-05-15 13:47:37 | 540,639,232 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Goran\Application Data\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe

========== Files - Modified Within 30 Days ==========

[2012-05-16 23:58:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2012-05-16 23:53:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-16 23:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-16 23:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-05-16 23:45:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-16 17:37:12 | 098,321,667 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-05-16 16:16:09 | 001,695,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-16 16:14:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012-05-16 16:13:55 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012-05-16 16:13:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012-05-16 16:13:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012-05-15 23:29:40 | 000,442,053 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-05-15 22:30:21 | 000,001,663 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012-05-14 13:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-13 03:04:57 | 000,472,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-05-13 03:04:57 | 000,090,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-05-13 03:02:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-05-12 17:51:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120515-232940.backup
[2012-05-10 23:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-05-10 22:42:38 | 000,026,134 | -H-- | M] () -- C:\treeinfo.wc
[2012-05-08 23:42:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-05-08 23:40:20 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012-05-08 21:37:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-07 20:02:35 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Goran\defogger_reenable
[2012-05-05 00:19:18 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-04 23:01:00 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-05-04 23:01:00 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012-05-04 23:01:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-05-04 23:01:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-05-04 23:01:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-05-04 23:01:00 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-05-03 21:20:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012-05-02 19:08:53 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120503-001603.backup
[2012-05-01 23:15:52 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Pilici.lnk
[2012-05-01 22:59:00 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WORLD OF WARCRAFT.LNK
[2012-05-01 16:59:54 | 000,387,826 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012-04-30 00:13:03 | 000,118,318 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-29 15:12:26 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-29 15:12:26 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-04-24 20:04:20 | 000,141,123 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2012-04-24 19:59:13 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-04-22 20:43:24 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\Goran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys

JonDou
2012-05-16, 19:12
OTL.Txt log PART 2

========== Files Created - No Company Name ==========

[2012-05-16 16:14:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012-05-16 16:13:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012-05-16 16:13:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012-05-16 16:13:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012-05-10 22:42:38 | 000,026,134 | -H-- | C] () -- C:\treeinfo.wc
[2012-05-08 23:40:20 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012-05-08 23:40:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-05-07 20:02:10 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Goran\defogger_reenable
[2012-05-05 00:19:18 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-04-30 00:13:03 | 000,118,318 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-25 08:04:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012-04-24 19:59:13 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-02-13 18:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-02-03 17:29:56 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011-08-21 16:36:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011-07-23 09:02:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2011-06-25 16:44:12 | 000,090,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-06-19 15:18:10 | 000,140,564 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2011-06-19 15:18:10 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2011-05-15 16:42:16 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\Comma Separated Values (Windows).ADR
[2011-05-10 20:30:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2011-05-07 13:09:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\$_hpcst$.hpc
[2011-04-12 02:36:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436r
[2011-04-12 02:36:42 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436
[2011-04-11 11:59:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011-04-11 11:59:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011-04-06 12:09:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-06 11:19:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011-02-25 21:04:10 | 000,119,630 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Classic Frames Pack Uninstaller.exe
[2011-02-25 21:04:03 | 000,119,394 | ---- | C] () -- C:\WINDOWS\Christmas and New Year Frames Pack Uninstaller.exe
[2011-02-23 22:15:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011-02-23 22:15:03 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011-02-23 22:13:45 | 000,210,628 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2011-01-26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011-01-26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011-01-07 12:36:51 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-12-17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-11-29 23:33:44 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-07-10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007-06-13 19:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007-06-13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007-07-27 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE-02121B1A.PF >
[2012-05-16 23:54:11 | 000,097,012 | ---- | M] () MD5=BA1B7C4204B6275E228B8A55471614FC -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.SCF >
[2007-07-27 20:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: EXPLORER.ZIP >
[2006-03-06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< End of report >

JonDou
2012-05-16, 19:13
and the
Extras.Txt log

OTL Extras logfile created on: 16-May-2012 11:56:45 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 71.99% Memory free
5.34 Gb Paging File | 4.47 Gb Available in Paging File | 83.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 51.14 Gb Free Space | 34.29% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 17.24 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"25999:TCP" = 25999:TCP:*:Disabled:cs.xfire.com
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"585:TCP" = 585:TCP:*:Enabled:outlook send
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" = C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt -- (VoipStunt)
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Disabled:Camfrog Video Chat -- (Camshare Inc.)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Xfire\xfire_exception.exe" = C:\Program Files\Xfire\xfire_exception.exe:*:Disabled:xfire_exception -- (Xfire Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe" = C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\World of Warcraft\wow-4.2.1.2736-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2736-enUS-tools-downloader.exe -- (Blizzard Entertainment)
"C:\Documents and Settings\Goran\Local Settings\Apps\2.0\NNZXODTC.Z36\L0EJW5YD.ZPE\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe" = C:\Documents and Settings\Goran\Local Settings\Apps\2.0\NNZXODTC.Z36\L0EJW5YD.ZPE\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003190C4-888F-834C-0780-601D304C9C32}" = CCC Help Spanish
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0813B2A4-85CF-491C-3C69-52463DCC4F4D}" = CCC Help Chinese Standard
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0CC4615C-7BA6-F3A1-FA76-A2AF370AC670}" = CCC Help Russian
"{0DE46A13-D4CB-BAD4-98FB-5262DDE76CE8}" = CCC Help Korean
"{0FC61FCF-0FAA-E9EE-7BD6-A75CAA0C3388}" = CCC Help Czech
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12D9D635-2C58-8B60-C44B-C09DD307F4DC}" = CCC Help Chinese Traditional
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20535ABD-7D5E-472E-9077-6AF48480DD82}" = ASUS GameOSD Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26405090-4A02-41C5-B7CB-EBD624BCB424}" = CCC Help French
"{2668AB7A-6937-107C-166E-31B230235B7B}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{298FC7A4-44AF-411D-BB17-C8516C20849B}" = GSC
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{309E994A-1FE1-4198-036E-A01A02213E25}" = CCC Help Hungarian
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34E30A1C-E978-332B-9B94-520621C4E13E}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3956B09E-C5AD-43A6-A889-F37F89BF47E1}" = Pilici
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AA83D48-8658-1526-EC55-25514D46ACCD}" = ccc-core-static
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FD595B1-0A6E-2A69-C199-71E3B65A1910}" = CCC Help Danish
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65455A2D-1671-E83B-F15D-D0C887F9D608}" = ATI Catalyst Install Manager
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7724F361-5E45-4649-E104-07183CC0E349}" = ATI Problem Report Wizard
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D5F535B-C5DC-47A9-8392-D757F7B600AC}" = CCC Help Greek
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EA4D12F-1571-4998-9BD1-D20C4A767D24}" = ASUS Utilities
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FAD04E8-1D32-22CC-701E-01E2A94015C3}" = CCC Help English
"{8FB3B66F-5A82-9ACB-0560-17C761A8A68B}" = CCC Help Dutch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{971D71F5-CA24-52B1-811E-CB7CA0502CCE}" = CCC Help Portuguese
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A488DCE3-1391-0843-531A-86246DEBE98C}" = ccc-utility
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC874BBA-8B7A-ABB3-5878-BB8CD05F2852}" = CCC Help Thai
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBCC790B-FC18-B612-C8C1-851BEE493D55}" = CCC Help Italian
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEA2FF8E-50A3-4C6D-955E-5632C881753F}" = NetComm NB6 Series ADSL2+ Router USB Driver
"{C07751B7-AAF1-ABA4-2BCF-0C5D3D932D19}" = CCC Help Norwegian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam Software
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D21D0CE6-F81A-F051-93FA-F0D8925C87D8}" = Catalyst Control Center Localization All
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2C4175D-CE60-AA59-0BEF-8B454A789C95}" = CCC Help Japanese
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB3E8237-FD20-C42C-9D93-9D6ADE03850C}" = ATI AVIVO Codecs
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3837B-9DE3-4D2F-07A8-A85D765F38ED}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"{F584B87B-4249-1331-345B-3C219F00C60B}" = CCC Help Swedish
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD26A504-690A-7631-104B-AA6917B9D207}" = CCC Help Finnish
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE5CD0C9-5A17-99C3-0B93-A820C3109049}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD766D4-F724-1FD9-20CA-D3E6EDA5A663}" = CCC Help Turkish
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"ALLPlayer_is1" = ALLPlayer V4.X
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Camfrog 6.0" = Camfrog Video Chat 6.0
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"Christmas and New Year Frames Pack" = Christmas and New Year Frames Pack
"Crystal Player" = Crystal Player Professional 1.97
"CSCLIB" = Canon Camera Support Core Library
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.70
"GameTracker Lite" = GameTracker Lite
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{298FC7A4-44AF-411D-BB17-C8516C20849B}" = GSC
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D1B7EF59-A3E2-452A-882E-076E1A18D94A}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Singleplayer Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"Kid-Key-Lock_is1" = Kid-Key-Lock 1.7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 2.6.30 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Photo Pos Pro" = Photo Pos Pro
"Photo Pos Pro Classic Frames Pack" = Photo Pos Pro Classic Frames Pack
"Photo Pos Pro Collage Templates Pack" = Photo Pos Pro Collage Templates Pack
"PhotoposComTbr" = Photopos Toolbar (Remove Toolbar Only)
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Totalcmd" = Total Commander (Remove or Repair)
"Turbo Pizza_is1" = Turbo Pizza
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"VoipStunt_is1" = VoipStunt
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR arhivar
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"Xilisoft DVD Ripper Platinum 5" = Xilisoft DVD Ripper Platinum 5
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZD Soft Game Recorder" = ZD Soft Game Recorder
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11-May-2012 11:40:11 AM | Computer Name = MAKIGOKI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11-May-2012 6:28:37 PM | Computer Name = MAKIGOKI | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 11-May-2012 6:38:08 PM | Computer Name = MAKIGOKI | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 11-May-2012 7:42:00 PM | Computer Name = MAKIGOKI | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 12-May-2012 4:33:04 AM | Computer Name = MAKIGOKI | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 12-May-2012 4:37:27 AM | Computer Name = MAKIGOKI | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 12-May-2012 4:38:19 AM | Computer Name = MAKIGOKI | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 12-May-2012 5:00:21 AM | Computer Name = MAKIGOKI | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 12-May-2012 5:02:17 AM | Computer Name = MAKIGOKI | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706. An installation package
for the product HPProductAssistant cannot be found. Try the installation again
using a valid copy of the installation package 'hpproductassistant.msi'.

Error - 16-May-2012 11:38:05 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

[ OSession Events ]
Error - 16-May-2011 10:27:39 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:28:08 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:28:38 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:29:01 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18-May-2011 9:39:28 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 187
seconds with 120 seconds of active time. This session ended with a crash.

Error - 09-Sep-2011 6:01:49 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15-May-2012 10:35:45 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 16-May-2012 3:08:04 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 16-May-2012 3:08:11 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 16-May-2012 3:35:58 AM | Computer Name = MAKIGOKI | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 16-May-2012 3:36:14 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 16-May-2012 3:36:56 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 16-May-2012 4:16:27 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 16-May-2012 4:16:37 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 16-May-2012 11:53:37 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 16-May-2012 11:53:41 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >

oldman960
2012-05-17, 14:27
Hi JonDou,

Let's see if the problem goes away in Safe Mode.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
does explorer still close when you attempt to open C:\?

Reboot back to normal windows.

Try to navigate to C:\Documents and Settings\Goran. you should find a document entitled defogger_reenable. Please post it's contents.

Next

Please open OTL.


Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)

In the window under Custom Scans/Fixes copy and paste the following


C:\Documents and Settings\All Users\Application Data\~18800436r\*.* /s
C:\Documents and Settings\All Users\Application Data\~18800436\*.* /s
C:\Documents and Settings\All Users\Application Data\~19390260r\*.* /s
C:\Documents and Settings\All Users\Application Data\~19390260\*.* /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1802E /s



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Please post back with
defogger_reenable
OTL.txt

JonDou
2012-05-17, 17:54
Hi oldman960 :bigthumb:

Hmm... a strange thing happened. I have restarted the computer and booted in Safe Mode and tried to open C:. The same thing there...incountered the problem and needs to close. But when returned to Normal Windows Mode, I have lost the internet connection on my desktop. My Laptop still has the connection though. I opened Control Panel/Internet Connections on my desktop and there was no connections at all. Blank page... like I never had it. I tried to restart, shut down and turn the computer on again, but nothing. I can't even log in to my router anymore to check the settings :(.

And just as I thought we're done, hehe... :)

I found the defogger_reenable file, but it asked me which program do I want to use to open it. In the file properties it just says - Type of file: file. So I chose Notepad and here what's in it:

defogger_reenable

s:SPTD:0


Just that. I hope that's what you're looking for :). The size of that file is 20 bytes.

and the OTL.Txt

OTL logfile created on: 17-May-2012 10:32:50 PM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 81.09% Memory free
5.34 Gb Paging File | 4.73 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 50.98 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 17.24 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.72 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< C:\Documents and Settings\All Users\Application Data\~18800436r\*.* /s >

< C:\Documents and Settings\All Users\Application Data\~18800436\*.* /s >

< C:\Documents and Settings\All Users\Application Data\~19390260r\*.* /s >

< C:\Documents and Settings\All Users\Application Data\~19390260\*.* /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1802E /s >
"imagepath" = \??\globalroot\systemroot\system32\drivers\1802E.sys
"type" = 1

< End of report >


Thanks oldman960 :bigthumb:

oldman960
2012-05-17, 19:15
Hi JonDou,

Let's see if we can get the connection back.

1.Right-click My Computer, and then click Properties.
2.Click the Hardware tab, and then click Device Manager.
3.expand Network adapter(s) by clicking the + sign
4. Right click the network adapter, and then click Uninstall.
5.Restart the computer, and then let the system automatically detect and install the network adapter drivers.

Icons back? Can you connect?

JonDou
2012-05-18, 19:23
Hi oldman960 :bigthumb:

OK... so I did check in device manager/network adapters and there is only few of them listed:
1394 Net Adapter
AVG miniport driver - which has a yellow circle with ! in it
AVG miniport driver #2 - which has a yellow circle with ! in it
AVG miniport driver #3 - which has a yellow circle with ! in it
Realtek PCIe GBE Family Controller

That's all I've got listed there. Which one is a Network Adapter? I think it's not listed at all.
I went to Services and Applications/Services and there are 9 services started only. When I tried to start the Network Connection manualy, it showed error 1084:

"Could not start the Network Connections service on this computer.
Error 1804: This service cannot be started in Safe Mode"

and when I tried to start others... I get the same thing.:blink:

:confused: It's like the computer thinks it's in the Safe Mode or something.

JonDou
2012-05-18, 19:40
Hi oldman960 :bigthumb:

I found this browsing the net for an answer:
I'm sry... don't know if I'm allowed to post the link, but its a forum and aparently they have found the answer to this :

http://www.petri.co.il/forums/showthread.php?t=23032&page=2

posts 11 - 14. What do you think?

oldman960
2012-05-20, 04:29
Hi JonDou,

Sorry about the delay, I had a work schedule change.

The keys looked ok in the last combofix log but we can look again.

Did you try the fix in the link you posted? If not before trying it let's see if the problem does indeed lie there.

Next

Please open OTL.


Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)

In the window under Custom Scans/Fixes copy and paste the following (do not copy the word Code)


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment|SAFEBOOT_OPTION /rs

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

JonDou
2012-05-20, 16:10
Hi oldman960 :bigthumb:

No need to appologise :). I'm happy you're helping me with this :).
No, I haven't tried that fix yet. I wanted to see what do You think about it. Here is the OTL.Txt you've asked for :)

OTL.Txt

OTL logfile created on: 20-May-2012 9:03:55 PM - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 83.77% Memory free
5.34 Gb Paging File | 4.83 Gb Available in Paging File | 90.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 50.80 Gb Free Space | 34.06% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 17.24 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option /s >
"OptionValue" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot /s >
"AlternateShell" = cmd.exe -- [2008-04-14 05:42:16 | 000,389,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
"" = FSFilter System Recovery
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
"" = Universal Serial Bus controllers
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"" = CD-ROM Drive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"" = DiskDrive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
"" = Standard floppy disk controller
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
"" = Hdc
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"" = Keyboard
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"" = Mouse
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
"" = PCMCIA Adapters
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
"" = SCSIAdapter
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
"" = System
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
"" = Floppy disk drive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
"" = Volume shadow copy
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"" = Volume
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
"" = Human Interface Devices
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro35]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro35.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HitmanPro35Crusader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
"" = FSFilter System Recovery
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
"" = Universal Serial Bus controllers
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"" = CD-ROM Drive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"" = DiskDrive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
"" = Standard floppy disk controller
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
"" = Hdc
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"" = Keyboard
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"" = Mouse
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
"" = Net -- [2008-04-14 05:42:30 | 000,042,496 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
"" = NetClient
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
"" = NetService
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
"" = NetTrans
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
"" = PCMCIA Adapters
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
"" = SCSIAdapter
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
"" = System
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
"" = Floppy disk drive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"" = Volume
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
"" = Human Interface Devices
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment|SAFEBOOT_OPTION /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\SAFEBOOT_OPTION: MINIMAL

< End of report >

Thanks :)

oldman960
2012-05-20, 18:30
Hi JonDou,

Just want to confirm something with you.

According to the OTL log the scan was ran from safe mode. Before you ran the scan did you in fact boot the computer to Normal Windows? There are a couple of entries that should not be there in normal windows but may appear if the computer was booted to safe mode.

JonDou
2012-05-21, 01:59
Hi oldman960 :bigthumb:

I did boot it to Normal Wnidows Mode, but computer thinks it's in the Safe Mode, and started only few services. I don't do anything extra... just boot the comp, and it seems like it is in a Normal, but I guess it isn't :).

oldman960
2012-05-21, 02:15
Hi JonDou,


Let's see if this will sort things out.

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :



:Services

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]



Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer, make sure you boot to normal windiws.
Please post the OTL fix log.

After you have rebooted your computer rerun OTL:


Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)

In the window under Custom Scans/Fixes copy and paste the following (do not copy the word Code)


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment|SAFEBOOT_OPTION /rs

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

JonDou
2012-05-21, 09:53
Hi oldman960 :bigthumb:

YEEESSSS... I got it back and running in Normal Windows Mode and with the internet conncetion as well :yahoo:. Thanks oldman960 :). Was it problem with that OPTION registry? I saw they were deleted succesfully :).

I tried to open C: and Windows Explorer crashed again :sad:, but it showed a message (windows error reporting) with the possible answer to the problem.

Message follows:


Address a problem with video playback
There was a problem with the software used for video playback on your computer. The name of the software is ffdshow. This type of software is often referred to as a codec.

To try to solve this problem, follow these steps. One step might solve the problem, but if it doesn't, then go on to the next step.

1.Click to go to the ffdshow website to check for and install ffdshow.ax updates
2.Use the regsvr32 command to unregister ffdshow.ax

If you don't know which program is causing this problem, you can remove ffdshow.ax from the list of installed codecs by unregistering it.

Warning
Disabling ffdshow.ax will cause any programs that depend on the codec to stop working or lose functionality.

a. Click Start, point to All Programs, point to Accessories, and then click Command Prompt.
At the command prompt, type regsvr32 /u ffdshow.ax, and then press ENTER. ffdshow.ax is now unregistered.

What should I do if the regsvr32 command fails or returns an error?

If the steps to disable the ffdshow.ax did not work, you can try renaming the file to disable it.

-Click Start, and then click Search.

-Choose All files and folders, and then, in the All or part of the file name field, type ffdshow.ax.

-Click Search.

-When ffdshow.ax appears in the results, right-click the file, and then click Rename.

-Rename the file (for example, change the name to ffdshow.ax.old). Remember the file name so you can re-enable it later if you need to.

If these steps don't solve the problem and you continue to receive problem reports, please consider filling out the survey at the bottom of this page. To help us continue to investigate this error, include the names of the add-ons that are currently enabled in Internet Explorer in the comments area of the survey.

I went to see if there is an update for that codec and there is :).
Here are the Fix and scan logs you asked for :).


OTLFix.Txt

========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\SAFEBOOT_OPTION deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option\ deleted successfully.

OTL by OldTimer - Version 3.2.43.0 log created on 05212012_140939


and OTLScan.Txt

OTL logfile created on: 21-May-2012 2:18:25 PM - Run 4
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 70.28% Memory free
5.34 Gb Paging File | 4.43 Gb Available in Paging File | 82.97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 50.73 Gb Free Space | 34.02% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 17.24 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot /s >
"AlternateShell" = cmd.exe -- [2008-04-14 05:42:16 | 000,389,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
"" = FSFilter System Recovery
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
"" = Universal Serial Bus controllers
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"" = CD-ROM Drive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"" = DiskDrive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
"" = Standard floppy disk controller
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
"" = Hdc
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"" = Keyboard
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"" = Mouse
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
"" = PCMCIA Adapters
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
"" = SCSIAdapter
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
"" = System
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
"" = Floppy disk drive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
"" = Volume shadow copy
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"" = Volume
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
"" = Human Interface Devices
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro35]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro35.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HitmanPro35Crusader]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
"" = FSFilter System Recovery
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
"" = Driver Group
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys]
"" = Driver
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
"" = Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
"" = Universal Serial Bus controllers
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"" = CD-ROM Drive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"" = DiskDrive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
"" = Standard floppy disk controller
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
"" = Hdc
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
"" = Keyboard
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
"" = Mouse
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
"" = Net -- [2008-04-14 05:42:30 | 000,042,496 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
"" = NetClient
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
"" = NetService
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
"" = NetTrans
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
"" = PCMCIA Adapters
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
"" = SCSIAdapter
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
"" = System
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
"" = Floppy disk drive
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
"" = Volume
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
"" = Human Interface Devices

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment|SAFEBOOT_OPTION /rs >

< End of report >

oldman960
2012-05-21, 18:17
Hi JonDou,

Yes somehow, not sure why, the entries had been added to the registry.

It's nice when you get an error message to work with. Try updating the software since there is an update available.

Let me know how it goes.


I don't think having the CD emulator disabled will cause the problem but you can see if Defogger will re-enable it. The disbled file is still on your computer so Defogger should work to re-enable the service. If not we can do it manually.

Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear Click the Re-enable button to re-enable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

JonDou
2012-05-22, 18:06
YAAAHOooooo :) :yahoo: oldman960 :bigthumb:

All good here :).
I can open C: without any problems after I updated that ffdshow codec, re-enabled Emulation drivers and everything seems fine here. I can't beleive You cleaned it :). I thought at the end I would have to reinstall the whole OS, 'cause it looked that bad before I even posted in this forum. I'll definately spread a word about you guys and put a moderate donation to support hard work of the Spybot team.
I would like to thank you enormously :thanks::thanks::thanks::thanks: for helping me with these issues. Just tell me the final words that it's all good :bigthumb:

oldman960
2012-05-22, 18:44
Hi JonDou,

Good job and you are very welcome. Glad to have been able to help you.

Let's reset System Restore, no point in having one with those registry entries in it.

* Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point
click create

* Remove old restore points


Go to Start - All Programs - Accessories - system tools.
Launch the Disk Cleanup tool and let it run.
When it finishes a box with tabs will appear, select the more options tab.
On this tab you will find a section for System Restore.
If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.


Delete any notepads we may have created. Open OTL and click the CleanUp button, it will remove itself.

Post back if you have any problems.

JonDou
2012-05-24, 10:59
Hi oldman960 :bigthumb:

Done all of that :)
Thank you again, so much :)... 5 stars for You !
Have a nice one :)

oldman960
2012-05-26, 02:39
Since this issue appears to be resolved ... this Topic has been closed.