Another IDP.Trojan.1C8D1A13 and Crypt.AQLW infection...please help

[JonDou]

Hi, If You could help me out with this one, please.

I have read few post here about the same problem here and I'm glad that in some cases you guys have sort the problem out . Nice work there. I just hope I'll be lucky to have the same results after this .

Anyway, I have free AVG AV and it reported trojans couple of days ago (lots of them !!!) They keep poping up after every boot and I kept sending them to the virus vault as sugested by AVG. I have a redirecting browser problem as well, but that eases up after AVG does its work, but doesn't go away. Sometimes the new IE window opens on its own with shoping, vehicle sale or job oportunity website... etc.

I followed the thread "before you post dss log" and I did pretty much all, but what happened there is: I have backed up the registry with ERUNT and downloaded dds tool, saved it on the desktop and run it. As soon as DDS finished with the scan and showed me the log, AVG reported something as threat - a trojan (I think it was MBR.DAT if it's of any use to you ) and sugested to move it to the vault. I have copy/paste the log results into the new notepad window and saved it on the desktop by the name ddslog (just in case )and sent the file to virus vault. When I did that, dds.exe icon along with the dds log file disappeared from my desktop.

I'm sending the log results and attached ziped "attach.txt" file with this post. Just one thing uncleared. Should I disable spybot tea timer now or should I have done it before the scan ...sry? Can I turn my computer off?

Thank you for having the time for us.

dds log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by Goran at 14:24:29 on 2012-05-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2333 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089FD14D-132B-48FC-8861-0048AE113215} - No File
{17313704-4a6f-4a90-b799-9a0ecd442850}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
{21893045-fd23-4839-8079-751626c13bd9}
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: PhotoPos Toolbar: {5d0ec45b-d2e4-4dd0-a5b2-69ddefe852a8} - c:\program files\photoposcomtbr\PhotoposComTbrLib.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - c:\progra~1\allpla~1\iplex\IPLEXT~1.DLL
BHO: {e5deed4b-f298-4211-a480-2a963cf87dc5} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{f08f5390-b47d-4517-aa17-1bcc9ed22183}
{f3730a1f-b98c-4188-96fd-daf6a9fdac3a}
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PhotoPos Toolbar: {5d0ec45b-d2e4-4dd0-a5b2-69ddefe852a8} - c:\program files\photoposcomtbr\PhotoposComTbrLib.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\goran\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\goran\start menu\programs\startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Enviar para o OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\goran\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\funnsystems yump3com-user-authorization\YuMp3ComLogin.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: windowslivehelp.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7} : NameServer = 192.168.1.1,198.168.1.1
TCP: Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvUOhhf
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\goran\application data\mozilla\firefox\profiles\io5uagfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 AvgRkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-26 752128]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-4-26 3246040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 GS In-Game Service;GS In-Game Service;c:\program files\gametracker\GSInGameService.exe [2011-11-10 1677072]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-4-26 167968]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-2-13 101904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-1-18 19056]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys --> c:\windows\system32\drivers\spyemrg.sys [?]
S2 avg7updsvc;KR3NPXP;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 gupdate1c9891f144d5a58;Google Update Service (gupdate1c9891f144d5a58);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S2 GV600_4;Vpcbus;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-5-10 8192]
S2 mcpromgr;VX3000;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 MpFilter;Smbusp;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 mpfirewl;Incdsrv;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 rt2870;Ftrtsvc;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-3 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-3 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2007-7-27 14336]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-5-18 25088]
.
=============== Created Last 30 ================
.
2012-05-04 15:01:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 15:01:11 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-02 12:19:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-30 03:14:53 -------- d-----w- c:\documents and settings\goran\application data\ooVoo Details
2012-04-30 03:13:45 -------- d-----w- c:\documents and settings\goran\local settings\application data\APN
2012-04-29 16:13:03 118318 ----a-w- c:\windows\Photo Pos Pro Collage Templates Pack Uninstaller.exe
2012-04-29 16:09:05 -------- d-----w- c:\documents and settings\goran\application data\Photopos
2012-04-29 16:09:03 -------- d-----w- c:\program files\PhotoposComTbr
.
==================== Find3M ====================
.
2012-05-04 15:01:00 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-29 07:12:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 07:12:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 07:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-15 13:02:23 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-15 13:02:18 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-15 13:02:18 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-15 12:51:16 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-14 12:47:02 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-14 12:20:58 682280 ----a-w- c:\windows\system32\pbsvc.exe
2012-02-13 10:28:46 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-07 03:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-05 07:41:10 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
.
============= FINISH: 14:25:44.98 ===============

[oldman960]

Hi JonDou, welcome to the forum.

To make cleaning this machine easier

• Please do not uninstall/install any programs unless asked to
  It is more difficult when files/programs are appearing in/disappearing from the logs.
• Please do not run any scans other than those requested
• Please follow all instructions in the order posted
• All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
• Do not attach any logs/reports, etc.. unless specifically requested to do so.
• If you have problems with or do not understand the instructions, Please ask before continuing.
• Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Download OTL to your desktop.

• Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output
• Check the boxes beside LOP Check and Purity Check.
• In the window under Custom Scans/Fixes copy and paste the following
  
  
  netsvcs
  %SYSTEMDRIVE%\*.*
  %systemroot%\Fonts\*.com
  %systemroot%\Fonts\*.dll
  %systemroot%\Fonts\*.ini
  %systemroot%\Fonts\*.ini2
  %systemroot%\Fonts\*.exe
  %systemroot%\system32\spool\prtprocs\w32x86\*.*
  %systemroot%\REPAIR\*.bak1
  %systemroot%\REPAIR\*.ini
  %systemroot%\system32\*.jpg
  %systemroot%\*.jpg
  %systemroot%\*.png
  %systemroot%\*.scr
  %systemroot%\*._sy
  %APPDATA%\Adobe\Update\*.*
  %ALLUSERSPROFILE%\Favorites\*.*
  %APPDATA%\Microsoft\*.*
  %PROGRAMFILES%\*.*
  %APPDATA%\Update\*.*
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\System32\config\*.sav
  %PROGRAMFILES%\bak. /s
  %systemroot%\system32\bak. /s
  %ALLUSERSPROFILE%\Start Menu\*.lîk /x
  %systemroot%\system32\config\systemprofile\*.dat /x
  %systemroot%\*.config
  %systemroot%\system32\*.db
  %PROGRAMFILES%\Internet Explorer\*.dat
  %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
  %USERPROFILE%\Desktop\*.exe
  %PROGRAMFILES%\Common Files\*.*
  %systemroot%\*.src
  %systemroot%\install\*.*
  %systemroot%\system32\DLL\*.*
  %systemroot%\system32\HelpFiles\*.*
  %systemroot%\system32\rundll\*.*
  %systemroot%\winn32\*.*
  %systemroot%\Java\*.*
  %systemroot%\system32\test\*.*
  %systemroot%\system32\Rundll32\*.*
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  %USERPROFILE%\..|smtmp;true;true;true /FP
  %temp%\smtmp\*.* /s >
  /md5start
  iexplore.*
  explorer.*
  winlogon.*
  dll
  zx.dll
  hlp.dat
  consrv.dll
  /md5stop
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


Next

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with

• both OTL logs
• aswMBR log

[JonDou]

Hi oldman960 and thank You so much for taking this thing on.
I'm having problem with the whole PC now. It freezes after a few minutes of reboot. I tried to open this thread and follow the instruction, but it wont let me. Last time I managed to open the IE window and that was it. It freezed on me.
I tried few times to restart my PC, but it kept freezing on me. I rebooted the PC and have copied otl.exe and aswMBR.exe on a usb flash from my old laptop and transfered them to the desktop of affected PC. Double clicked the otl.exe and quickly set the scan options as you told me to, but the scan (the whole PC) freezed somewhere in the middle... it says: scanning modules... and that's it. Do I reset/reboot the PC and try again - this time a bit quicker (if I manage) or what?
Not a good start here on my side , ha ?

[oldman960]

Hi JonDou,

Let's try the scans in Safe Mode.

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

[JonDou]

Hi oldman960 , thanks again for following this.

Ok,... I did a scan in Safe Mode and here are the results:

OTL.txt

OTL logfile created on: 07-May-2012 3:15:40 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 89.45% Memory free
5.33 Gb Paging File | 5.23 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 41.14 Gb Free Space | 27.58% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 14.77 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS
Drive J: | 951.62 Mb Total Space | 946.52 Mb Free Space | 99.46% Space Free | Partition Type: FAT32

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Goran\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\GSC\CtxMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (zntport) -- %systemroot%\system32\pdlnsv25.dll File not found
SRV - (zenos1) -- %systemroot%\system32\egathdrv.dll File not found
SRV - (yukonwlh) -- %systemroot%\system32\tga.dll File not found
SRV - (WNCPKT) -- %systemroot%\system32\mr2kserv.dll File not found
SRV - (wg5n) -- %systemroot%\system32\W8100PCI.dll File not found
SRV - (websensecpmcommunicationagent) -- %systemroot%\system32\VAIOMediaPlatform-MusicServer-HTTP.dll File not found
SRV - (webcompserver) -- %systemroot%\system32\vstor2.dll File not found
SRV - (VRADFIL) -- %systemroot%\system32\usb_rndisx.dll File not found
SRV - (vaiomediaplatform-integratedserver-appserver) -- %systemroot%\system32\CAMFLT.dll File not found
SRV - (V0080Dev) -- %systemroot%\system32\elbycdio.dll File not found
SRV - (utilman) -- %systemroot%\system32\mfcom.dll File not found
SRV - (USIUDF) -- %systemroot%\system32\lyncusbserv.dll File not found
SRV - (usbser) -- %systemroot%\system32\cisvc.dll File not found
SRV - (tpkmpsvc) -- %systemroot%\system32\hsf_dpv.dll File not found
SRV - (TOSHIBASoftModem) -- %systemroot%\system32\avgems.dll File not found
SRV - (toddsrv) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (TMHIDSRV) -- %systemroot%\system32\hwpsgt.dll File not found
SRV - (susbser) -- %systemroot%\system32\LVCap138.dll File not found
SRV - (slservice) -- %systemroot%\system32\lxct_device.dll File not found
SRV - (Si3114r5) -- %systemroot%\system32\ser2pl.dll File not found
SRV - (sfdrv01) -- %systemroot%\system32\AN983.dll File not found
SRV - (SetupSys) -- %systemroot%\system32\AIRPLUS.dll File not found
SRV - (serialkeys) -- %systemroot%\system32\VrAcFil.dll File not found
SRV - (se59nd5) -- %systemroot%\system32\acdpowerservice.dll File not found
SRV - (se58mgmt) -- %systemroot%\system32\iaimfp0.dll File not found
SRV - (se2End5) -- %systemroot%\system32\aswlsvc.dll File not found
SRV - (s716bus) -- %systemroot%\system32\protectionservice.dll File not found
SRV - (s3savagemx) -- %systemroot%\system32\oracle_load_balancer_60_client-forms6i.dll File not found
SRV - (rt2870) -- %systemroot%\system32\HIDSwvd.dll File not found
SRV - (pivot) -- %systemroot%\system32\CTSBLFX.DLL.dll File not found
SRV - (pdlndldl) -- %systemroot%\system32\mwsarcpkt.dll File not found
SRV - (PCTINDIS5) -- %systemroot%\system32\rpcnet.dll File not found
SRV - (oraclewebassistant) -- %systemroot%\system32\hmonitor.dll File not found
SRV - (oracleorahomemanagementserver) -- %systemroot%\system32\Epiusb.dll File not found
SRV - (oracleoradb10g_home1isql*plus) -- %systemroot%\system32\USB11LDR.dll File not found
SRV - (omniusbl) -- %systemroot%\system32\inorpc.dll File not found
SRV - (NxSysMon) -- %systemroot%\system32\qmofiltr.dll File not found
SRV - (NWFILTER) -- %systemroot%\system32\aniwzcsdservice.dll File not found
SRV - (nvrd64) -- %systemroot%\system32\logonsvcid.dll File not found
SRV - (mssql$sony_mediamgr) -- %systemroot%\system32\WscNetDr.dll File not found
SRV - (msgame) -- %systemroot%\system32\ctxcpubal.dll File not found
SRV - (mps9) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (mpfirewl) -- %systemroot%\system32\avcgbdr.dll File not found
SRV - (MpFilter) -- %systemroot%\system32\siside.dll File not found
SRV - (mi-raysat_3dsmax8) -- %systemroot%\system32\MA_CMIDI.dll File not found
SRV - (mhndrv) -- %systemroot%\system32\alerter.dll File not found
SRV - (mcpromgr) -- %systemroot%\system32\mcrdsvc.dll File not found
SRV - (mcods) -- %systemroot%\system32\HabuFltr.dll File not found
SRV - (maxbackserviceint) -- %systemroot%\system32\ndassvc.dll File not found
SRV - (licensemanagersocket) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (L6POD) -- %systemroot%\system32\mldserv.dll File not found
SRV - (L1e) -- %systemroot%\system32\s24eventmonitor.dll File not found
SRV - (keriomailserver) -- %systemroot%\system32\meiudf.dll File not found
SRV - (k750mgmt) -- %systemroot%\system32\usbvm321.dll File not found
SRV - (ixiaendpoint) -- %systemroot%\system32\pinnaclesys.mediaserver.dll File not found
SRV - (ipssvc) -- %systemroot%\system32\dtsrvc.dll File not found
SRV - (iPassP) -- %systemroot%\system32\battc.dll File not found
SRV - (ifxtcs) -- %systemroot%\system32\OEM02Afx.dll File not found
SRV - (ifp800) -- %systemroot%\system32\cpqdmi.dll File not found
SRV - (IBM_LLC2) -- %systemroot%\system32\a016mdfl.dll File not found
SRV - (HSFHWALI) -- %systemroot%\system32\rimvserport.dll File not found
SRV - (HPFECP20) -- %systemroot%\system32\dm1service.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (GVCplDrv) -- %systemroot%\system32\btserial.dll File not found
SRV - (GV600_4) -- %systemroot%\system32\portmapper.dll File not found
SRV - (giveio) -- %systemroot%\system32\Wpsnuio.dll File not found
SRV - (ghoststartservice) -- %systemroot%\system32\Slntamr.dll File not found
SRV - (fsRamDsk) -- %systemroot%\system32\monfilt.dll File not found
SRV - (dot4ufd) -- %systemroot%\system32\TMBMServer.dll File not found
SRV - (dm1service) -- %systemroot%\system32\e1express.dll File not found
SRV - (dlaifs_m) -- %systemroot%\system32\SED133x.dll File not found
SRV - (delldmi) -- %systemroot%\system32\AsIO.dll File not found
SRV - (DCamUSBSQTECH) -- %systemroot%\system32\mferkdk.dll File not found
SRV - (db2ntsecserver) -- %systemroot%\system32\SNP2STD.dll File not found
SRV - (cwcspud) -- %systemroot%\system32\fastfat.dll File not found
SRV - (cmpci) -- %systemroot%\system32\prevxagent.dll File not found
SRV - (cics.region2) -- %systemroot%\system32\ccsetmgr.dll File not found
SRV - (cfosspeeds) -- %systemroot%\system32\MaxtorFrontPanel1.dll File not found
SRV - (CcmExec) -- %systemroot%\system32\w200mgmt.dll File not found
SRV - (cccredmgr) -- %systemroot%\system32\s217unic.dll File not found
SRV - (btnhnd) -- %systemroot%\system32\SECYPUSB.dll File not found
SRV - (btfirst) -- %systemroot%\system32\IOSLINK.dll File not found
SRV - (BsHelpCS) -- %systemroot%\system32\vmauthdservice.dll File not found
SRV - (blueletscoaudio) -- %systemroot%\system32\F700imd.dll File not found
SRV - (bdrsdrv) -- %systemroot%\system32\savrtpel.dll File not found
SRV - (bdfsfltr) -- %systemroot%\system32\USB_RNDIS.dll File not found
SRV - (avidstartup) -- %systemroot%\system32\symredrv.dll File not found
SRV - (avg7updsvc) -- %systemroot%\system32\rnadirectory.dll File not found
SRV - (atimpab) -- %systemroot%\system32\Freedom.dll File not found
SRV - (ASMMAP) -- %systemroot%\system32\portio.dll File not found
SRV - (ARCSOFTVIRTUALCAPTURE) -- %systemroot%\system32\enxpsvc.dll File not found
SRV - (ar5211) -- %systemroot%\system32\idrivert.dll File not found
SRV - (AmdIde) -- %systemroot%\system32\BRGSp50.dll File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (2wirepcp) -- %systemroot%\system32\zpcollector.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GS In-Game Service) -- C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (KMService) -- C:\WINDOWS\system32\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (SpyEmrg) -- System32\Drivers\spyemrg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PciCon) -- E:\PciCon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aflkpxw0) -- File not found
DRV - (1802E) -- globalroot\C:\WINDOWS\system32\drivers\1802E.sys File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgRkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MRxSmb) -- C:\WINDOWS\system32\drivers\mrxsmb.sys ()
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\WINDOWS\system32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {511131f1-4629-4254-a85f-ed7b6d75dd3c} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1455F202-242E-4872-9700-182595B04230}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKCU\..\SearchScopes\{7400AA93-E276-4810-886F-5F5A9DDC3FD6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNWQ_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={60F607CC-7962-4103-A140-A4612667239E}&mid=44fe0b7a735675b2c18c7d77bd9a4579-0ea5e905f1d14e46bc4439e0ddc6c448b29e541b&lang=en&ds=AVG&pr=fr&d=2011-10-26 19:36:50&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-10-26 13:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-02-01 18:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012-03-12 20:07:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-02 19:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-04 23:01:11 | 000,000,000 | ---D | M]

[2010-10-02 00:30:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions
[2011-08-27 20:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009-12-23 13:11:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012-05-04 23:04:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions
[2011-11-06 08:18:06 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-10-28 18:20:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-30 00:09:10 | 000,000,000 | ---D | M] (PhotoPos Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
[2012-05-03 22:12:19 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-08-17 21:37:03 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\aol-web-search.xml
[2011-02-01 19:05:08 | 000,002,333 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\askcom.xml
[2008-03-16 09:00:27 | 000,002,386 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\siteadvisor.xml
[2011-02-19 19:31:14 | 000,001,244 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\winamp-search.xml
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-22 18:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-05-31 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011-12-01 20:06:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-07-12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-03-12 20:07:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011-12-01 20:06:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012-05-03 00:16:03 | 000,442,908 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
O2 - BHO: (no name) - {17313704-4A6F-4A90-B799-9A0ECD442850} - No CLSID value found.
O2 - BHO: (no name) - {21893045-FD23-4839-8079-751626C13BD9} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (no name) - {e5deed4b-f298-4211-a480-2a963cf87dc5} - No CLSID value found.
O2 - BHO: (no name) - {F08F5390-B47D-4517-AA17-1BCC9ED22183} - No CLSID value found.
O2 - BHO: (no name) - {F3730A1F-B98C-4188-96FD-DAF6A9FDAC3A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O9 - Extra 'Tools' menuitem : &Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: windowslivehelp.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downlo...elpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/Driver...aSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\tuvUOhhf) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-02-18 21:07:08 | 000,000,600 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: cfosspeeds - %systemroot%\system32\MaxtorFrontPanel1.dll File not found
NetSvcs: s716bus - %systemroot%\system32\protectionservice.dll File not found
NetSvcs: ASMMAP - %systemroot%\system32\portio.dll File not found
NetSvcs: MpFilter - %systemroot%\system32\siside.dll File not found
NetSvcs: toddsrv - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: licensemanagersocket - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: cccredmgr - %systemroot%\system32\s217unic.dll File not found
NetSvcs: utilman - %systemroot%\system32\mfcom.dll File not found
NetSvcs: icepack - File not found
NetSvcs: W2acehid - File not found
NetSvcs: adsservice - File not found
NetSvcs: nv4 - File not found
NetSvcs: CdaD10BA - File not found
NetSvcs: nvstor32 - File not found
NetSvcs: imountsrv - File not found
NetSvcs: passthru - File not found
NetSvcs: PTproct - File not found
NetSvcs: dlaudfam - File not found
NetSvcs: rchost - File not found
NetSvcs: XAudio - File not found
NetSvcs: NWDHCP - File not found
NetSvcs: ScFBPNT3 - File not found
NetSvcs: lvsrvlauncher - File not found
NetSvcs: lxrjd31s - File not found
NetSvcs: FireTDI - File not found
NetSvcs: amusbprt - File not found
NetSvcs: DumaNT - File not found
NetSvcs: SED133x - File not found
NetSvcs: picturetaker - File not found
NetSvcs: dmprimer - File not found
NetSvcs: CA561 - File not found
NetSvcs: BTSLBCSP - File not found
NetSvcs: BUFADPT - File not found
NetSvcs: scsk4 - File not found
NetSvcs: WIBUKEY - File not found
NetSvcs: procexp111 - File not found
NetSvcs: iteatapi - File not found
NetSvcs: avupdsvc - File not found
NetSvcs: winpppoverethernet - File not found
NetSvcs: websensedcagent - File not found
NetSvcs: ARCSOFTVIRTUALCAPTURE - %systemroot%\system32\enxpsvc.dll File not found
NetSvcs: se59nd5 - %systemroot%\system32\acdpowerservice.dll File not found
NetSvcs: avg7updsvc - %systemroot%\system32\rnadirectory.dll File not found
NetSvcs: ifp800 - %systemroot%\system32\cpqdmi.dll File not found
NetSvcs: bdrsdrv - %systemroot%\system32\savrtpel.dll File not found
NetSvcs: pivotmou - File not found
NetSvcs: vcommmgr - File not found
NetSvcs: tbhsd - File not found
NetSvcs: ZY202_XP - File not found
NetSvcs: wm - File not found
NetSvcs: R300 - File not found
NetSvcs: giveio - %systemroot%\system32\Wpsnuio.dll File not found
NetSvcs: websensecpmcommunicationagent - %systemroot%\system32\VAIOMediaPlatform-MusicServer-HTTP.dll File not found
NetSvcs: oraclewebassistant - %systemroot%\system32\hmonitor.dll File not found
NetSvcs: oracleoradb10g_home1isql*plus - %systemroot%\system32\USB11LDR.dll File not found
NetSvcs: dm1service - %systemroot%\system32\e1express.dll File not found
NetSvcs: dot4ufd - %systemroot%\system32\TMBMServer.dll File not found
NetSvcs: PCTINDIS5 - %systemroot%\system32\rpcnet.dll File not found
NetSvcs: keriomailserver - %systemroot%\system32\meiudf.dll File not found
NetSvcs: zenos1 - %systemroot%\system32\egathdrv.dll File not found
NetSvcs: tpkmpsvc - %systemroot%\system32\hsf_dpv.dll File not found
NetSvcs: mcods - %systemroot%\system32\HabuFltr.dll File not found
NetSvcs: AmdIde - %systemroot%\system32\BRGSp50.dll File not found
NetSvcs: yukonwlh - %systemroot%\system32\tga.dll File not found
NetSvcs: dlaifs_m - %systemroot%\system32\SED133x.dll File not found
NetSvcs: NxSysMon - %systemroot%\system32\qmofiltr.dll File not found
NetSvcs: nvrd64 - %systemroot%\system32\logonsvcid.dll File not found
NetSvcs: btfirst - %systemroot%\system32\IOSLINK.dll File not found
NetSvcs: usbser - %systemroot%\system32\cisvc.dll File not found
NetSvcs: se58mgmt - %systemroot%\system32\iaimfp0.dll File not found
NetSvcs: L1e - %systemroot%\system32\s24eventmonitor.dll File not found
NetSvcs: slservice - %systemroot%\system32\lxct_device.dll File not found
NetSvcs: HPFECP20 - %systemroot%\system32\dm1service.dll File not found
NetSvcs: ghoststartservice - %systemroot%\system32\Slntamr.dll File not found
NetSvcs: k750mgmt - %systemroot%\system32\usbvm321.dll File not found
NetSvcs: avidstartup - %systemroot%\system32\symredrv.dll File not found
NetSvcs: se2End5 - %systemroot%\system32\aswlsvc.dll File not found
NetSvcs: HSFHWALI - %systemroot%\system32\rimvserport.dll File not found
NetSvcs: SetupSys - %systemroot%\system32\AIRPLUS.dll File not found
NetSvcs: db2ntsecserver - %systemroot%\system32\SNP2STD.dll File not found
NetSvcs: omniusbl - %systemroot%\system32\inorpc.dll File not found
NetSvcs: msgame - %systemroot%\system32\ctxcpubal.dll File not found
NetSvcs: s3savagemx - %systemroot%\system32\oracle_load_balancer_60_client-forms6i.dll File not found
NetSvcs: IBM_LLC2 - %systemroot%\system32\a016mdfl.dll File not found
NetSvcs: atimpab - %systemroot%\system32\Freedom.dll File not found
NetSvcs: wg5n - %systemroot%\system32\W8100PCI.dll File not found
NetSvcs: webcompserver - %systemroot%\system32\vstor2.dll File not found
NetSvcs: mi-raysat_3dsmax8 - %systemroot%\system32\MA_CMIDI.dll File not found
NetSvcs: BsHelpCS - %systemroot%\system32\vmauthdservice.dll File not found
NetSvcs: iPassP - %systemroot%\system32\battc.dll File not found
NetSvcs: ar5211 - %systemroot%\system32\idrivert.dll File not found
NetSvcs: NWFILTER - %systemroot%\system32\aniwzcsdservice.dll File not found
NetSvcs: Si3114r5 - %systemroot%\system32\ser2pl.dll File not found
NetSvcs: L6POD - %systemroot%\system32\mldserv.dll File not found
NetSvcs: mhndrv - %systemroot%\system32\alerter.dll File not found
NetSvcs: fsRamDsk - %systemroot%\system32\monfilt.dll File not found
NetSvcs: oracleorahomemanagementserver - %systemroot%\system32\Epiusb.dll File not found
NetSvcs: btnhnd - %systemroot%\system32\SECYPUSB.dll File not found
NetSvcs: serialkeys - %systemroot%\system32\VrAcFil.dll File not found
NetSvcs: susbser - %systemroot%\system32\LVCap138.dll File not found
NetSvcs: pivot - %systemroot%\system32\CTSBLFX.DLL.dll File not found
NetSvcs: blueletscoaudio - %systemroot%\system32\F700imd.dll File not found
NetSvcs: GV600_4 - %systemroot%\system32\portmapper.dll File not found
NetSvcs: pdlndldl - %systemroot%\system32\mwsarcpkt.dll File not found
NetSvcs: GVCplDrv - %systemroot%\system32\btserial.dll File not found
NetSvcs: TOSHIBASoftModem - %systemroot%\system32\avgems.dll File not found
NetSvcs: cwcspud - %systemroot%\system32\fastfat.dll File not found
NetSvcs: vaiomediaplatform-integratedserver-appserver - %systemroot%\system32\CAMFLT.dll File not found
NetSvcs: cics.region2 - %systemroot%\system32\ccsetmgr.dll File not found
NetSvcs: cmpci - %systemroot%\system32\prevxagent.dll File not found
NetSvcs: 2wirepcp - %systemroot%\system32\zpcollector.dll File not found
NetSvcs: V0080Dev - %systemroot%\system32\elbycdio.dll File not found
NetSvcs: DCamUSBSQTECH - %systemroot%\system32\mferkdk.dll File not found
NetSvcs: zntport - %systemroot%\system32\pdlnsv25.dll File not found
NetSvcs: TMHIDSRV - %systemroot%\system32\hwpsgt.dll File not found
NetSvcs: bdfsfltr - %systemroot%\system32\USB_RNDIS.dll File not found
NetSvcs: mpfirewl - %systemroot%\system32\avcgbdr.dll File not found
NetSvcs: efs - File not found
NetSvcs: webrootadminconsole - File not found
NetSvcs: WmiAcpi - File not found
NetSvcs: smrt - File not found
NetSvcs: patrolagent - File not found
NetSvcs: USIUDF - %systemroot%\system32\lyncusbserv.dll File not found
NetSvcs: ifxtcs - %systemroot%\system32\OEM02Afx.dll File not found
NetSvcs: CcmExec - %systemroot%\system32\w200mgmt.dll File not found
NetSvcs: mcpromgr - %systemroot%\system32\mcrdsvc.dll File not found
NetSvcs: sfdrv01 - %systemroot%\system32\AN983.dll File not found
NetSvcs: rt2870 - %systemroot%\system32\HIDSwvd.dll File not found
NetSvcs: megamonitorsrv - File not found
NetSvcs: dirms_defragmentation - File not found
NetSvcs: slave - File not found
NetSvcs: adiloader - File not found
NetSvcs: lxcgcustomerconnect - File not found
NetSvcs: s125bus - File not found
NetSvcs: yats32 - File not found
NetSvcs: smartwiservice - File not found
NetSvcs: wg3n - File not found
NetSvcs: maxbackserviceint - %systemroot%\system32\ndassvc.dll File not found
NetSvcs: PSI_SVC_2 - File not found
NetSvcs: ino_fltr - File not found
NetSvcs: pdfcreatormessages - File not found
NetSvcs: eliservice - File not found
NetSvcs: ssmdrv - File not found
NetSvcs: mstdfrgs - File not found
NetSvcs: SWNC8U20 - File not found
NetSvcs: rp_fws - File not found
NetSvcs: DcPTP - File not found
NetSvcs: PAC7302 - File not found
NetSvcs: ssscsisv - File not found
NetSvcs: webdriveservice - File not found
NetSvcs: thpsrv - File not found
NetSvcs: acs - File not found
NetSvcs: avsvcmonitor - File not found
NetSvcs: Memctl - File not found
NetSvcs: wandrv - File not found
NetSvcs: tandpl - File not found
NetSvcs: bjmcmng - File not found
NetSvcs: pnarp - File not found
NetSvcs: MRV6X32P - File not found
NetSvcs: VRADFIL - %systemroot%\system32\usb_rndisx.dll File not found
NetSvcs: ixiaendpoint - %systemroot%\system32\pinnaclesys.mediaserver.dll File not found
NetSvcs: delldmi - %systemroot%\system32\AsIO.dll File not found
NetSvcs: WNCPKT - %systemroot%\system32\mr2kserv.dll File not found
NetSvcs: mssql$sony_mediamgr - %systemroot%\system32\WscNetDr.dll File not found
NetSvcs: mps9 - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: ipssvc - %systemroot%\system32\dtsrvc.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

[JonDou]

Hi oldman960

part II of OTL.txt

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012-05-06 22:37:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:37:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-05 00:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012-05-05 00:17:27 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-04 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-05-04 23:01:11 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-05-04 23:01:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-05-04 23:01:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-05-04 23:01:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-05-04 23:01:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-05-02 20:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012-05-02 20:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012-04-30 11:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2012-04-30 11:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Local Settings\Application Data\APN
[2012-04-30 00:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2012-04-30 00:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoposComTbr
[2012-04-24 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012-04-24 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012-04-22 18:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012-04-22 18:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-05-15 13:47:37 | 540,639,232 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Goran\Application Data\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-07 15:11:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-07 15:03:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2012-05-07 15:01:19 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-05-06 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:25:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-06 21:57:13 | 097,285,812 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-05-05 20:05:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-05-05 19:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-05 19:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-05-05 19:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-573735546-839522115-1003UA.job
[2012-05-05 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012-05-05 17:30:22 | 000,008,960 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 17:20:00 | 000,001,604 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012-05-05 13:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-05 00:19:18 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-05-05 00:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-04 23:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-573735546-839522115-1003Core.job
[2012-05-04 23:11:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-04 23:01:00 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-05-04 23:01:00 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012-05-04 23:01:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-05-04 23:01:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-05-04 23:01:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-05-04 23:01:00 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-05-03 23:21:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-05-03 21:20:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012-05-03 00:16:03 | 000,442,908 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-05-02 19:08:53 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120503-001603.backup
[2012-05-01 23:15:52 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Pilici.lnk
[2012-05-01 22:59:00 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WORLD OF WARCRAFT.LNK
[2012-05-01 16:59:54 | 000,387,826 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012-04-30 14:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-04-30 00:13:03 | 000,118,318 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-29 15:12:26 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-29 15:12:26 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-04-24 20:04:20 | 000,141,123 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2012-04-24 19:59:13 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-04-22 20:43:24 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\Goran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-22 12:53:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012-04-12 00:23:30 | 000,472,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-12 00:23:30 | 000,090,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-12 00:18:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-04-11 00:39:17 | 001,228,854 | ---- | M] () -- C:\Documents and Settings\Goran\Documents\Elena balerina title.bmp
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-05 17:30:22 | 000,008,960 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 00:19:18 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-05-02 20:19:20 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-04-30 00:13:03 | 000,118,318 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-25 08:04:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012-04-24 19:59:13 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-04-11 00:39:00 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\Goran\Documents\Elena balerina title.bmp
[2012-02-13 18:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-02-03 17:29:56 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011-08-21 16:36:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011-07-23 09:02:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2011-06-25 16:44:12 | 000,090,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-06-19 15:18:10 | 000,140,564 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2011-06-19 15:18:10 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2011-05-15 16:42:16 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\Comma Separated Values (Windows).ADR
[2011-05-10 20:30:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2011-05-07 13:09:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\$_hpcst$.hpc
[2011-04-12 02:36:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436r
[2011-04-12 02:36:42 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436
[2011-04-12 02:36:30 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18800436
[2011-04-11 11:59:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011-04-11 11:59:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011-04-11 11:59:22 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19390260
[2011-04-06 12:09:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-06 11:19:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011-02-25 21:04:10 | 000,119,630 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Classic Frames Pack Uninstaller.exe
[2011-02-25 21:04:03 | 000,119,394 | ---- | C] () -- C:\WINDOWS\Christmas and New Year Frames Pack Uninstaller.exe
[2011-02-23 22:15:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011-02-23 22:15:03 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011-02-23 22:13:45 | 000,210,628 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2011-01-26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011-01-26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011-01-07 12:36:51 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-12-17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-11-29 23:33:44 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-11-26 20:20:50 | 001,524,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-07-10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2011-05-07 09:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011-02-17 14:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008-04-02 13:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2012-03-12 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011-05-15 23:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012-05-06 22:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010-10-28 17:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008-02-28 09:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2010-10-28 18:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008-02-04 05:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011-01-29 15:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011-02-04 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2009-03-14 18:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011-05-17 21:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2008-02-09 07:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2010-02-05 15:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2008-04-07 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008-04-08 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008-04-15 11:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008-02-09 07:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011-05-12 23:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010-10-15 17:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008-04-15 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2011-01-07 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010-11-19 11:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008-03-27 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009-03-08 12:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008-03-31 09:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93
[2012-05-05 17:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012-02-18 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008-02-08 16:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008-06-16 19:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoCollageMax
[2010-01-29 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2008-04-14 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008-04-03 13:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008-02-04 05:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010-05-06 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011-09-11 19:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009-11-29 16:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-08-27 20:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010-07-05 21:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010-04-13 12:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008-12-30 09:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2010-05-17 17:45:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Goran\Application Data\.#
[2008-02-18 12:32:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\.BitTornado
[2011-04-27 22:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\9EB8F174-10C4-4BF3-9A55-36818C9AF17C
[2008-04-17 17:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acreon
[2009-09-02 21:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acronis
[2011-05-31 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AUSkey
[2011-10-26 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG Secure Search
[2011-10-26 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG2012
[2010-11-29 21:52:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Bitrix Security
[2008-03-21 21:09:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BitTorrent
[2008-03-23 13:38:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BSplayer
[2011-06-25 15:42:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Camfrog
[2008-05-30 19:32:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Canon
[2011-03-08 18:47:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ElevatedDiagnostics
[2011-05-17 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\EmailNotifier
[2008-02-09 02:58:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Gamelab
[2012-02-14 22:53:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GameTracker
[2011-09-06 23:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Garmin
[2010-05-17 19:03:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GetRightToGo
[2008-04-15 20:15:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GSC
[2008-02-21 09:46:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ICQ
[2008-02-27 09:51:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\iWinArcade
[2008-04-03 14:11:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Jane s Hotel Family Hero
[2008-01-29 07:40:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Leadertech
[2011-02-01 16:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ManyCam
[2008-03-30 19:32:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Meridian93
[2008-06-16 21:04:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Nokia
[2008-02-08 16:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Oberon Games
[2012-04-30 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2009-02-26 15:09:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoCollageMax
[2012-04-30 00:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2011-05-17 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoposComtb
[2008-04-14 10:49:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PlayFirst
[2011-05-09 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PriceGong
[2009-02-21 16:10:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Safer Networking
[2009-03-08 10:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Simply Super Software
[2011-09-11 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Skinux
[2008-02-27 08:40:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\SpinTop
[2011-05-27 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TeamViewer
[2008-05-25 14:11:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TERMINAL Studio
[2008-03-17 00:16:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TheScruffs
[2011-08-27 20:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TomTom
[2008-04-09 19:00:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Ulead Systems
[2012-05-04 23:06:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Uniblue
[2012-04-10 22:23:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\uTorrent
[2009-12-23 13:25:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Vivox
[2012-04-22 15:19:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\VoipStunt
[2011-08-13 08:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Windows Live Writer
[2012-04-30 14:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012-04-22 12:53:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010-03-13 18:59:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010-04-16 03:00:49 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2012-05-05 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2012-05-07 15:03:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2009-04-23 00:35:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011-05-15 16:48:43 | 000,032,626 | ---- | M] () -- C:\ASLog.txt
[2012-02-18 21:07:08 | 000,000,600 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-02-13 20:29:54 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2008-01-23 14:16:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-01-23 14:16:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-01-23 14:16:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007-07-27 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-08-17 19:01:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012-05-07 15:11:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008-04-06 19:39:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008-04-20 23:52:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008-04-20 23:54:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008-06-03 20:46:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008-06-03 20:47:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008-06-03 20:48:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008-11-08 09:06:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008-11-08 11:50:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009-01-18 21:42:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008-04-06 19:39:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008-04-20 23:52:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008-04-20 23:54:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008-06-03 20:46:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008-06-03 20:47:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008-06-03 20:48:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008-11-08 09:06:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008-11-08 11:50:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009-01-18 21:42:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008-01-23 14:15:50 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 20:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-03-28 12:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007-04-09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008-07-06 18:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008-02-19 06:58:22 | 000,199,600 | ---- | M] () -- C:\WINDOWS\MINI98.scr
[2010-04-17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008-02-21 09:46:40 | 000,000,457 | ---- | M] () -- C:\Program Files\INSTALL.LOG
[2008-02-28 06:53:11 | 000,000,000 | ---- | M] () -- C:\Program Files\temp01

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008-01-23 06:01:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008-01-23 06:01:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008-01-23 06:01:02 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >
[2008-08-17 19:06:50 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2012-04-24 19:57:41 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\HP Solution Center.lnk
[2008-08-17 19:06:50 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2008-01-23 14:16:14 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2008-05-01 01:00:13 | 000,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012-05-06 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-05 00:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-06 22:25:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-11 16:25:33

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007-06-13 19:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007-06-13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007-07-27 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE-02121B1A.PF >
[2012-05-05 17:18:50 | 000,105,710 | ---- | M] () MD5=3D2B2DE79E5872919077284577D41F91 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.SCF >
[2007-07-27 20:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: EXPLORER.ZIP >
[2006-03-06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.CHM >
[2009-02-21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2007-07-27 20:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2006-09-02 00:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.CHW >
[2010-11-08 18:18:36 | 000,153,185 | ---- | M] () MD5=F7E49469C37E8928CA836595E11C89B5 -- C:\WINDOWS\Help\iexplore.chw

< MD5 for: IEXPLORE.EXE >
[2008-12-19 13:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2008-10-15 14:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2008-12-19 13:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008-04-22 16:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[2008-08-23 13:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2008-04-22 15:40:18 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
[2007-12-06 19:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
[2008-02-29 16:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
[2008-04-14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2007-10-10 16:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2007-10-10 16:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\iexplore.exe
[2008-06-23 17:20:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=64E376A47763DAEABCDA14BD5B6EA286 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2008-02-22 17:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[2007-12-06 16:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2008-10-15 15:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2009-02-28 12:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie8\iexplore.exe
[2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2009-02-28 12:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2008-06-23 16:23:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=C52A9EF571E91535EB78DB4B8B95EA07 -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[2007-08-14 10:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2007-07-27 20:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2008-08-23 13:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007-10-10 18:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
[2007-10-10 18:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\iexplore.exe

< MD5 for: IEXPLORE.EXE.EXP.LOG >
[2011-05-08 15:11:44 | 000,386,821 | ---- | M] () MD5=3E026E1FD84AA528C0E36886E1658F04 -- C:\Program Files\Internet Explorer\iexplore.exe.exp.log

< MD5 for: IEXPLORE.EXE.EXP.LOG.OLD >
[2010-03-22 19:49:59 | 001,051,657 | ---- | M] () MD5=958C2A29A7DAB076FAD641C4E721E8FB -- C:\Program Files\Internet Explorer\iexplore.exe.exp.log.old

< MD5 for: IEXPLORE.EXE.MUI >
[2009-03-08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009-03-08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2007-08-14 10:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE_129498214790156250.EXH >
[2011-05-14 12:38:02 | 000,000,554 | ---- | M] () MD5=A8402148B0B62303E5FA917784FAA771 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129498214790156250.exh

< MD5 for: IEXPLORE.EXE_129498214790156250_F.DMP >
[2011-05-14 12:38:02 | 017,301,386 | ---- | M] () MD5=7BAAE5CAF445E8D55E8A8216DEAC1384 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129498214790156250_F.dmp

< MD5 for: IEXPLORE.EXE_129498214790156250_M.DMP >
[2011-05-14 12:38:00 | 006,714,678 | ---- | M] () MD5=72D57DCFACA6CC444669E7918A2156A1 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129498214790156250_M.dmp

< MD5 for: IEXPLORE.EXE_129499203848750000.EXH >
[2011-05-15 16:06:52 | 000,000,569 | ---- | M] () MD5=2C1B991D3F2E85B62C22BE336AC4171A -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129499203848750000.exh

< MD5 for: IEXPLORE.EXE_129499203848750000_F.DMP >
[2011-05-15 16:06:42 | 213,879,461 | ---- | M] () MD5=67C583CE1BA01C5F001B48D7C7671010 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129499203848750000_F.dmp

< MD5 for: IEXPLORE.EXE_129499203848750000_M.DMP >
[2011-05-15 16:06:27 | 005,162,113 | ---- | M] () MD5=34715B3539C1E79DB5F104986072E248 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129499203848750000_M.dmp

< MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
[2012-05-06 22:19:20 | 000,085,118 | ---- | M] () MD5=76418E43AF012686A61B6FCD09F6CABC -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf

< MD5 for: IEXPLORE.HLP >
[2007-07-27 20:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EXE >
[2007-07-27 20:00:00 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=051A52001D625F316CE81A539BD25192 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINLOGON.EXE.20080206-055927-00.HDMP >
[2008-02-06 13:59:29 | 003,499,992 | ---- | M] () MD5=CD8778DB4F3D620E6FE77775C20A92E9 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20080206-055927-00.hdmp

< MD5 for: WINLOGON.EXE.20080720-030935-00.HDMP >
[2008-07-20 11:09:39 | 000,032,638 | ---- | M] () MD5=4715AFF3EFD69074CBEA07675A058D48 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20080720-030935-00.hdmp

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB49800$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 287 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0030B7B
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0EC31
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03777453
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A3DB99
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7D7891
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D76DB8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:633B85CE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFBB419A

< End of report >

[JonDou]

And this is the

Extras.txt log

OTL Extras logfile created on: 07-May-2012 3:15:40 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 89.45% Memory free
5.33 Gb Paging File | 5.23 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 41.14 Gb Free Space | 27.58% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 14.77 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS
Drive J: | 951.62 Mb Total Space | 946.52 Mb Free Space | 99.46% Space Free | Partition Type: FAT32

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"25999:TCP" = 25999:TCP:*:Disabled:cs.xfire.com
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"585:TCP" = 585:TCP:*:Enabled:outlook send
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" = C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt -- (VoipStunt)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui
"C:\Program Files\SEGA\Medieval II Total War\medieval2.exe" = C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Disabled:Medieval 2: Total War
"C:\DOCUME~1\Goran\LOCALS~1\Temp\Rar$EX00.125\Call of Duty 4 -- Chams & Aimbot.exe" = C:\DOCUME~1\Goran\LOCALS~1\Temp\Rar$EX00.125\Call of Duty 4 -- Chams & Aimbot.exe:*:Enabled:Microsot Windows Explorer
"C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe" = C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-Trial-enUS-Installer-downloader2.exe" = C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-Trial-enUS-Installer-downloader2.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\winup.exe" = C:\WINDOWS\system32\winup.exe:*:Disabled:winup
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe" = C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe:*:Disabled:sof3
"C:\Documents and Settings\Goran\Local Settings\Temp\Blizzard Launcher Temporary - a84d1928\Launcher.exe" = C:\Documents and Settings\Goran\Local Settings\Temp\Blizzard Launcher Temporary - a84d1928\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Goran\Application Data\IMVUClient\IMVUClient.exe" = C:\Documents and Settings\Goran\Application Data\IMVUClient\IMVUClient.exe:*:Enabled:IMVUClient
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\Goran\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\Goran\Application Data\IMVUClient\1VivoxVoice.exe:*:Disabled:1VivoxVoice
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Disabled:Camfrog Video Chat -- (Camshare Inc.)
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Disabled:ICQ
"C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Chams & aimbot\Call of Duty 4 -- Chams & Aimbot.exe" = C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Chams & aimbot\Call of Duty 4 -- Chams & Aimbot.exe:*:Disabled:Microsot Windows Explorer
"C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Call of Duty 4 -- Chams & Aimbot.exe" = C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Call of Duty 4 -- Chams & Aimbot.exe:*:Disabled:Microsot Windows Explorer
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Xfire\xfire_exception.exe" = C:\Program Files\Xfire\xfire_exception.exe:*:Disabled:xfire_exception -- (Xfire Inc.)
"C:\Program Files\The All-Seeing Eye\eye.exe" = C:\Program Files\The All-Seeing Eye\eye.exe:*:Disabled:Yahoo! All-Seeing Eye
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Disabled:Curse Client
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe" = C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2727-enUS-tools-downloader
"C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2730-enUS-tools-downloader
"C:\Program Files\World of Warcraft\wow-4.2.1.2736-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2736-enUS-tools-downloader.exe -- (Blizzard Entertainment)
"C:\Documents and Settings\Goran\Local Settings\Apps\2.0\NNZXODTC.Z36\L0EJW5YD.ZPE\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe" = C:\Documents and Settings\Goran\Local Settings\Apps\2.0\NNZXODTC.Z36\L0EJW5YD.ZPE\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Documents and Settings\Goran\Local Settings\Temp\7zS19F7\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Goran\Local Settings\Temp\7zS19F7\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003190C4-888F-834C-0780-601D304C9C32}" = CCC Help Spanish
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0813B2A4-85CF-491C-3C69-52463DCC4F4D}" = CCC Help Chinese Standard
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0CC4615C-7BA6-F3A1-FA76-A2AF370AC670}" = CCC Help Russian
"{0DE46A13-D4CB-BAD4-98FB-5262DDE76CE8}" = CCC Help Korean
"{0FC61FCF-0FAA-E9EE-7BD6-A75CAA0C3388}" = CCC Help Czech
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12D9D635-2C58-8B60-C44B-C09DD307F4DC}" = CCC Help Chinese Traditional
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20535ABD-7D5E-472E-9077-6AF48480DD82}" = ASUS GameOSD Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26405090-4A02-41C5-B7CB-EBD624BCB424}" = CCC Help French
"{2668AB7A-6937-107C-166E-31B230235B7B}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{298FC7A4-44AF-411D-BB17-C8516C20849B}" = GSC
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{309E994A-1FE1-4198-036E-A01A02213E25}" = CCC Help Hungarian
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34E30A1C-E978-332B-9B94-520621C4E13E}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3956B09E-C5AD-43A6-A889-F37F89BF47E1}" = Pilici
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AA83D48-8658-1526-EC55-25514D46ACCD}" = ccc-core-static
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FD595B1-0A6E-2A69-C199-71E3B65A1910}" = CCC Help Danish
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65455A2D-1671-E83B-F15D-D0C887F9D608}" = ATI Catalyst Install Manager
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7724F361-5E45-4649-E104-07183CC0E349}" = ATI Problem Report Wizard
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D5F535B-C5DC-47A9-8392-D757F7B600AC}" = CCC Help Greek
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EA4D12F-1571-4998-9BD1-D20C4A767D24}" = ASUS Utilities
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FAD04E8-1D32-22CC-701E-01E2A94015C3}" = CCC Help English
"{8FB3B66F-5A82-9ACB-0560-17C761A8A68B}" = CCC Help Dutch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{971D71F5-CA24-52B1-811E-CB7CA0502CCE}" = CCC Help Portuguese
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A488DCE3-1391-0843-531A-86246DEBE98C}" = ccc-utility
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC874BBA-8B7A-ABB3-5878-BB8CD05F2852}" = CCC Help Thai
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBCC790B-FC18-B612-C8C1-851BEE493D55}" = CCC Help Italian
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEA2FF8E-50A3-4C6D-955E-5632C881753F}" = NetComm NB6 Series ADSL2+ Router USB Driver
"{C07751B7-AAF1-ABA4-2BCF-0C5D3D932D19}" = CCC Help Norwegian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam Software
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D21D0CE6-F81A-F051-93FA-F0D8925C87D8}" = Catalyst Control Center Localization All
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2C4175D-CE60-AA59-0BEF-8B454A789C95}" = CCC Help Japanese
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB3E8237-FD20-C42C-9D93-9D6ADE03850C}" = ATI AVIVO Codecs
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3837B-9DE3-4D2F-07A8-A85D765F38ED}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F584B87B-4249-1331-345B-3C219F00C60B}" = CCC Help Swedish
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD26A504-690A-7631-104B-AA6917B9D207}" = CCC Help Finnish
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE5CD0C9-5A17-99C3-0B93-A820C3109049}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD766D4-F724-1FD9-20CA-D3E6EDA5A663}" = CCC Help Turkish
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"ALLPlayer_is1" = ALLPlayer V4.X
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Camfrog 6.0" = Camfrog Video Chat 6.0
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"Christmas and New Year Frames Pack" = Christmas and New Year Frames Pack
"Crystal Player" = Crystal Player Professional 1.97
"CSCLIB" = Canon Camera Support Core Library
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"FormatFactory" = FormatFactory 2.70
"GameTracker Lite" = GameTracker Lite
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{298FC7A4-44AF-411D-BB17-C8516C20849B}" = GSC
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D1B7EF59-A3E2-452A-882E-076E1A18D94A}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Singleplayer Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"Kid-Key-Lock_is1" = Kid-Key-Lock 1.7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 2.6.30 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Photo Pos Pro" = Photo Pos Pro
"Photo Pos Pro Classic Frames Pack" = Photo Pos Pro Classic Frames Pack
"Photo Pos Pro Collage Templates Pack" = Photo Pos Pro Collage Templates Pack
"PhotoposComTbr" = Photopos Toolbar (Remove Toolbar Only)
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Totalcmd" = Total Commander (Remove or Repair)
"Turbo Pizza_is1" = Turbo Pizza
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"VoipStunt_is1" = VoipStunt
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR arhivar
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"Xilisoft DVD Ripper Platinum 5" = Xilisoft DVD Ripper Platinum 5
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZD Soft Game Recorder" = ZD Soft Game Recorder
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02-May-2012 11:03:05 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 02-May-2012 11:03:27 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 02-May-2012 11:03:42 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 03-May-2012 11:09:08 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:53:40 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:55:07 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:59:02 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:59:42 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 2:00:10 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 5:16:02 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

[ OSession Events ]
Error - 16-May-2011 10:27:39 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:28:08 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:28:38 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:29:01 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18-May-2011 9:39:28 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 187
seconds with 120 seconds of active time. This session ended with a crash.

Error - 09-Sep-2011 6:01:49 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol
Driver service which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The SilverLink service terminated with the following error: %%126

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD asuskbnt Avgldx86 Avgmfx86 Avgtdix EIO Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
Tcpip6

Error - 07-May-2012 3:13:05 AM | Computer Name = MAKIGOKI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

[JonDou]

Note:
I must tell you that I've had my Safe Mode on without the networking, so I couldn't update Avast's database.

here is attached MBR.zip and

aswMBR.txt


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-07 15:30:44
-----------------------------
15:30:44.203 OS Version: Windows 5.1.2600 Service Pack 3
15:30:44.203 Number of processors: 2 586 0xF0B
15:30:44.203 ComputerName: MAKIGOKI UserName: Goran
15:30:46.093 Initialize success
15:34:33.171 AVAST engine download error: 0
15:35:05.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:35:05.781 Disk 0 Vendor: WDC_WD3200AAJS-65RYA0 12.01B01 Size: 305245MB BusType: 3
15:35:05.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port4Path0Target1Lun0
15:35:05.796 Disk 1 Vendor: ST380215 Size: 76318MB BusType: 1
15:35:05.812 Disk 0 MBR read successfully
15:35:05.828 Disk 0 MBR scan
15:35:05.828 Disk 0 unknown MBR code
15:35:05.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152703 MB offset 63
15:35:05.843 Disk 0 Partition - 00 0F Extended LBA 152539 MB offset 312737355
15:35:05.875 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 137172 MB offset 312737418
15:35:05.875 Disk 0 Partition - 00 05 Extended 15366 MB offset 593666010
15:35:05.906 Disk 0 Partition 3 00 BC BOOTWIZ0 15366 MB offset 593666073
15:35:05.921 Disk 0 scanning sectors +625137345
15:35:06.015 Disk 0 scanning C:\WINDOWS\system32\drivers
15:35:19.328 Service scanning
15:35:50.656 Service PciCon E:\PciCon.sys **LOCKED** 21
15:35:54.640 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:36:00.265 Modules scanning
15:36:08.812 Disk 0 trace - called modules:
15:36:08.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprr.sys >>UNKNOWN [0x8b574938]<<
15:36:08.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b448030]
15:36:09.062 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000085[0x8b4f69e8]
15:36:09.171 5 ACPI.sys[b7e6a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b454940]
15:36:09.250 Scan finished successfully
15:36:51.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Goran\Desktop\MBR.dat"
15:36:51.671 The log file has been saved successfully to "C:\Documents and Settings\Goran\Desktop\aswMBR.txt"


Thanks again

[JonDou]

sry... forgot to attach the zip file ... here it is

[oldman960]

Hi JonDou,

That's ok. You can run Deffogger in Safe Mode but I'd like you to try to run Combofix in normal windows. If it won't run please boot to Safe Mode with Networking and run it from there.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Please read through the instructions to familarize youself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download


Please download ComboFix from Link 1or Link 2 to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• If you are using Firefox, make sure that your download settings are as follows:
  -Tools->Options->Main tab
  -Set to "Always ask me where to Save the files".
  
• During the download, before you save it to your desktop, rename Combofix to jgh.exe

• It is important you rename Combofix during the download, but not after.
• Please do not rename Combofix to other names, but only to the one indicated.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix

-----------------------------------------------------------

• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------

• Double click on ComboFix.exe (jgh.exe in your case) & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.[/b]

Please post back with

• combofix log

How is the computer?

Thanks