
Thread: Another IDP.Trojan.1C8D1A13 and Crypt.AQLW infection...please help

  1. #31
    Member | Join Date: May 2012 | Posts: 38

    Hi oldman960

    Thanks for the links you gave me. I have gone through them and found very useful stuff. I will implement some of them. I scanned a comp with MBAM today and

    "The scan completed successfully. No malicious items were detected."

    Here is the log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.12.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Goran :: OWNER [administrator]

    13-May-2012 9:15:06 AM
    mbam-log-2012-05-13 (09-15-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 257798
    Time elapsed: 6 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    I forgot to tell you... I don't experience freezes any more with my computer, but you have probably figured it out by now.
    No more "HPProductAssistant" window popping out also.

    Thanks again oldman960

  2. #32
    Senior Member | Join Date: Sep 2010 | Posts: 631

    Hi JonDou,

    So far so good,

    One more scan to check our handiwork.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    Go here to run an online scanner from ESET

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.




    After the ESET scan please rerun OTL. Open the program and click the Quick Scan button. Please post the OTL.txt that is produced.

    Please post back with
    • ESET log if there was one
    • OTL.txt
    Everything still ok?
    Member of UNITE and ASAP

  3. #33
    Member | Join Date: May 2012 | Posts: 38

    Hi oldman960
    I wanted to delete the old OTL.txt log from my desktop when I saw defogger_disable.log there. I remembered that you said something about it earlier and found this:

    "IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop."

    Because I didn't receive any error message (or I didn't see it at least) I wasn't expecting a log. Now that I found it, here it is. I'm sorry if it turns out to be an important one.

    defogger_disable log:

    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 20:02 on 07/05/2012 (Goran)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.

    Checking for services/drivers...
    Unable to read sptd.sys
    SPTD -> Disabled (Service running -> reboot required)


    -=E.O.F=-


    I'll run the scans now...

  4. #34
    Member | Join Date: May 2012 | Posts: 38

    Hi oldman960

    OK... I did the scans and the logs follow. Quite a few infections were found :(.
    Just wanted to tell you that in AVG's Identity Protection allowed list there is a
    C:\WINDOWS\SYSTEM32\REGSVR32.EXE, and the date allowed is 29.08.2011.
    Should that be there?

    ESETScan log:

    C:\Qoobox\Quarantine\C\WINDOWS\system32\ATKGFNEXSrv.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\avupdsvc.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\awvaibcm.ini.vir Win32/Adware.Virtumonde.NEO application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\btserial.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\enwkuruc.ini.vir Win32/Adware.Virtumonde.NEO application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\hxyrdorl.ini.vir Win32/Adware.Virtumonde.NEO application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\jhiptdjc.ini.vir Win32/Adware.Virtumonde.NEO application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\kfehbjfu.ini.vir Win32/Adware.Virtumonde.NEO application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\lxda_device.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Machnm32.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\MtxDma0.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Ncrc710.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\parallel.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\pdlnshay.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ROB_A.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\SE2Dmdm.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\tcpip6.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wdmaud.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\websensecamreportserver.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ydkbfemh.ini.vir Win32/Adware.Virtumonde.NEO application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\z800mdfl.dll.vir Win32/Sirefef.ER trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ZDPNDIS5.dll.vir Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0242588.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0242617.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0243617.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0244617.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0245617.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246617.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246652.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246692.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246792.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1313\A0246849.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0247685.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0247827.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248827.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248836.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248837.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248843.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248844.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248845.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248846.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248847.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0249827.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0250827.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0251827.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0252827.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0253829.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0254829.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0254838.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0254839.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0255829.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0256829.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0257829.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0258829.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0259829.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0260829.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0261837.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0262837.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0263837.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0264837.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0265837.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0265849.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0265926.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0266926.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0266936.dll Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0267926.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0267934.sys Win32/Sirefef.DA trojan
    C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1324\A0269280.dll Win32/Sirefef.DA trojan
    D:\My Documents\marina\portfolio\vectors\picture\SweetImSetup.exe a variant of Win32/SweetIM.B application
    D:\My Documents\programi\gamebooster.exe a variant of Win32/Toolbar.Widgi application
    D:\My Documents\programi\PhotoPosPro\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application
    D:\My Documents\programi\Uniblue\spyeraser.exe probably a variant of Win32/UbSpyEraser application
    D:\My Documents\programi 2\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application


    Thanks oldman960

  5. #35
    Member | Join Date: May 2012 | Posts: 38

    I did enable all antivirus and antispyware programs.

    Have to break OTL.txt in two parts.

    First part:

    OTL Scan log

    OTL logfile created on: 13-May-2012 7:52:04 PM - Run 2
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Goran\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

    3.50 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 76.66% Memory free
    5.34 Gb Paging File | 4.56 Gb Available in Paging File | 85.43% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.12 Gb Total Space | 42.22 Gb Free Space | 28.31% Space Free | Partition Type: NTFS
    Drive D: | 133.96 Gb Total Space | 14.78 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
    Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS

    Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Goran\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
    PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    PRC - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
    PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
    PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
    PRC - C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
    PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()
    MOD - C:\Program Files\GSC\CtxMenu.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (MXOFX) -- %systemroot%\system32\WinVd32.dll File not found
    SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
    SRV - (CcmExec) -- %systemroot%\system32\w200mgmt.dll File not found
    SRV - (btnhnd) -- %systemroot%\system32\SECYPUSB.dll File not found
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
    SRV - (aaksrv) -- %systemroot%\system32\RTL8169.dll File not found
    SRV - (3comtftp) -- %systemroot%\system32\vmount2.dll File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (GS In-Game Service) -- C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
    SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
    SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
    SRV - (KMService) -- C:\WINDOWS\system32\srvany.exe ()

  6. #36
    Member | Join Date: May 2012 | Posts: 38

    Second part:

    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
    DRV - (SpyEmrg) -- System32\Drivers\spyemrg.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (PciCon) -- E:\PciCon.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\jgh\catchme.sys File not found
    DRV - (1802E) -- globalroot\C:\WINDOWS\system32\drivers\1802E.sys File not found
    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AvgRkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
    DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\WINDOWS\system32\drivers\tdrpm273.sys (Acronis)
    DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
    DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
    DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
    DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
    DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
    DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
    DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
    DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
    DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
    DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
    DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
    DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
    DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
    DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
    DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
    DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
    DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
    DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
    DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
    DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
    DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{1455F202-242E-4872-9700-182595B04230}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
    IE - HKCU\..\SearchScopes\{7400AA93-E276-4810-886F-5F5A9DDC3FD6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNWQ_en
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={60F607CC-7962-4103-A140-A4612667239E}&mid=44fe0b7a735675b2c18c7d77bd9a4579-0ea5e905f1d14e46bc4439e0ddc6c448b29e541b&lang=en&ds=AVG&pr=fr&d=2011-10-26 19:36:50&v=8.0.0.34&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
    FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-10-26 13:57:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-02-01 18:58:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012-03-12 20:07:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-02 19:07:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-04 23:01:11 | 000,000,000 | ---D | M]

    [2010-10-02 00:30:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions
    [2011-08-27 20:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009-12-23 13:11:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2012-05-04 23:04:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions
    [2011-11-06 08:18:06 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    [2010-10-28 18:20:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012-04-30 00:09:10 | 000,000,000 | ---D | M] (PhotoPos Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
    [2012-05-03 22:12:19 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011-08-17 21:37:03 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\aol-web-search.xml
    [2011-02-01 19:05:08 | 000,002,333 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\askcom.xml
    [2008-03-16 09:00:27 | 000,002,386 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\siteadvisor.xml
    [2011-02-19 19:31:14 | 000,001,244 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\winamp-search.xml
    [2012-05-04 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012-04-22 18:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011-05-31 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2012-05-04 23:01:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
    [2011-12-01 20:06:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011-07-12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012-03-12 20:07:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011-12-01 20:06:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Yahoo! Search (Enabled)
    CHR - default_search_provider: search_url = http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

    O1 HOSTS File: ([2012-05-12 17:51:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
    O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O9 - Extra Button: Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
    O9 - Extra 'Tools' menuitem : &Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: windowslivehelp.com ([www] https in Trusted sites)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downlo...elpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/Driver...aSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012-02-18 21:07:08 | 000,000,600 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-05-13 19:47:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012-05-13 18:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012-05-12 16:26:46 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Goran\Desktop\jgh.exe
    [2012-05-09 00:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012-05-08 23:40:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012-05-08 23:16:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012-05-08 23:16:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012-05-08 23:16:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012-05-08 23:16:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012-05-08 21:40:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-05-06 22:37:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
    [2012-05-06 22:37:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
    [2012-05-05 00:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012-05-05 00:17:27 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
    [2012-05-04 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012-05-02 20:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012-05-02 20:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012-04-30 11:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
    [2012-04-30 11:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Local Settings\Application Data\APN
    [2012-04-30 00:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\Photopos
    [2012-04-30 00:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoposComTbr
    [2012-04-24 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [2012-04-24 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2012-04-22 18:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2012-04-22 18:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2011-05-15 13:47:37 | 540,639,232 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Goran\Application Data\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-05-13 19:53:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
    [2012-05-13 19:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012-05-13 19:46:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012-05-13 17:43:26 | 098,041,082 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012-05-13 17:40:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012-05-13 03:25:11 | 001,686,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012-05-13 03:04:57 | 000,472,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012-05-13 03:04:57 | 000,090,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012-05-13 03:01:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012-05-12 17:51:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012-05-12 16:26:46 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Goran\Desktop\jgh.exe
    [2012-05-12 13:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012-05-12 06:27:12 | 000,001,663 | ---- | M] () -- C:\WINDOWS\wincmd.ini
    [2012-05-10 23:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012-05-10 22:42:38 | 000,026,134 | -H-- | M] () -- C:\treeinfo.wc
    [2012-05-08 23:42:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012-05-08 23:40:20 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2012-05-08 21:37:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012-05-07 20:02:35 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Goran\defogger_reenable
    [2012-05-07 18:38:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Defogger.exe
    [2012-05-07 15:38:41 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\MBR.zip
    [2012-05-07 15:36:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\MBR.dat
    [2012-05-06 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
    [2012-05-06 22:25:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
    [2012-05-05 17:30:22 | 000,008,960 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
    [2012-05-05 00:19:18 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012-05-05 00:18:27 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
    [2012-05-05 00:18:27 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
    [2012-05-05 00:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
    [2012-05-03 21:20:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012-05-02 19:08:53 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120503-001603.backup
    [2012-05-01 23:15:52 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Pilici.lnk
    [2012-05-01 22:59:00 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WORLD OF WARCRAFT.LNK
    [2012-05-01 16:59:54 | 000,387,826 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012-04-30 00:13:03 | 000,118,318 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
    [2012-04-24 20:04:20 | 000,141,123 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
    [2012-04-24 19:59:13 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
    [2012-04-24 19:58:06 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012-04-22 20:43:24 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\Goran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-05-10 22:42:38 | 000,026,134 | -H-- | C] () -- C:\treeinfo.wc
    [2012-05-08 23:40:20 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2012-05-08 23:40:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012-05-08 23:16:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012-05-08 23:16:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012-05-08 23:16:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012-05-08 23:16:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012-05-08 23:16:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012-05-07 20:02:10 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Goran\defogger_reenable
    [2012-05-07 19:59:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\Defogger.exe
    [2012-05-07 15:38:41 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\MBR.zip
    [2012-05-07 15:36:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\MBR.dat
    [2012-05-05 17:30:22 | 000,008,960 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
    [2012-05-05 00:19:18 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012-05-05 00:18:27 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
    [2012-05-05 00:18:27 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
    [2012-04-30 00:13:03 | 000,118,318 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
    [2012-04-25 08:04:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012-04-24 19:59:13 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
    [2012-04-24 19:58:06 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012-02-13 18:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2012-02-03 17:29:56 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2011-08-21 16:36:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2011-07-23 09:02:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
    [2011-06-25 16:44:12 | 000,090,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011-06-19 15:18:10 | 000,140,564 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
    [2011-06-19 15:18:10 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
    [2011-05-15 16:42:16 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\Comma Separated Values (Windows).ADR
    [2011-05-10 20:30:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
    [2011-05-07 13:09:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\$_hpcst$.hpc
    [2011-04-12 02:36:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436r
    [2011-04-12 02:36:42 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436
    [2011-04-11 11:59:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
    [2011-04-11 11:59:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260
    [2011-04-06 12:09:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011-04-06 11:19:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011-02-25 21:04:10 | 000,119,630 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Classic Frames Pack Uninstaller.exe
    [2011-02-25 21:04:03 | 000,119,394 | ---- | C] () -- C:\WINDOWS\Christmas and New Year Frames Pack Uninstaller.exe
    [2011-02-23 22:15:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
    [2011-02-23 22:15:03 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
    [2011-02-23 22:13:45 | 000,210,628 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
    [2011-01-26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2011-01-26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2011-01-07 12:36:51 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010-12-17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2010-11-29 23:33:44 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010-07-10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

    ========== LOP Check ==========

    [2011-05-07 09:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2011-02-17 14:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
    [2008-04-02 13:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
    [2012-03-12 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2011-05-15 23:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2012-05-06 22:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010-10-28 17:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008-02-28 09:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
    [2010-10-28 18:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008-02-04 05:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2011-01-29 15:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
    [2011-02-04 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
    [2009-03-14 18:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2011-05-17 21:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    [2008-02-09 07:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
    [2010-02-05 15:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
    [2008-04-07 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
    [2008-04-08 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
    [2008-04-15 11:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
    [2008-02-09 07:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
    [2011-05-12 23:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010-10-15 17:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2008-04-15 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
    [2011-01-07 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010-11-19 11:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
    [2008-03-27 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2009-03-08 12:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
    [2008-03-31 09:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93
    [2012-05-13 17:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012-02-18 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2008-02-08 16:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
    [2008-06-16 19:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoCollageMax
    [2010-01-29 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
    [2008-04-14 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2008-04-03 13:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2008-02-04 05:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2010-05-06 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2011-09-11 19:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2011-08-27 20:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010-07-05 21:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2010-04-13 12:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2008-12-30 09:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
    [2008-02-18 12:32:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\.BitTornado
    [2011-04-27 22:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\9EB8F174-10C4-4BF3-9A55-36818C9AF17C
    [2008-04-17 17:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acreon
    [2009-09-02 21:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acronis
    [2011-05-31 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AUSkey
    [2011-10-26 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG Secure Search
    [2011-10-26 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG2012
    [2008-03-21 21:09:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BitTorrent
    [2008-03-23 13:38:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BSplayer
    [2011-06-25 15:42:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Camfrog
    [2008-05-30 19:32:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Canon
    [2011-03-08 18:47:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ElevatedDiagnostics
    [2011-05-17 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\EmailNotifier
    [2008-02-09 02:58:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Gamelab
    [2012-02-14 22:53:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GameTracker
    [2011-09-06 23:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Garmin
    [2010-05-17 19:03:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GetRightToGo
    [2008-04-15 20:15:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GSC
    [2008-02-21 09:46:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ICQ
    [2008-02-27 09:51:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\iWinArcade
    [2008-04-03 14:11:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Jane s Hotel Family Hero
    [2008-01-29 07:40:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Leadertech
    [2011-02-01 16:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ManyCam
    [2008-03-30 19:32:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Meridian93
    [2008-06-16 21:04:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Nokia
    [2008-02-08 16:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Oberon Games
    [2012-04-30 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
    [2009-02-26 15:09:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PC Suite
    [2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoCollageMax
    [2012-04-30 00:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Photopos
    [2011-05-17 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoposComtb
    [2008-04-14 10:49:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PlayFirst
    [2009-02-21 16:10:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Safer Networking
    [2009-03-08 10:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Simply Super Software
    [2011-09-11 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Skinux
    [2008-02-27 08:40:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\SpinTop
    [2011-05-27 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TeamViewer
    [2008-05-25 14:11:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TERMINAL Studio
    [2008-03-17 00:16:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TheScruffs
    [2011-08-27 20:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TomTom
    [2008-04-09 19:00:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Ulead Systems
    [2012-05-04 23:06:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Uniblue
    [2012-04-10 22:23:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\uTorrent
    [2009-12-23 13:25:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Vivox
    [2012-04-22 15:19:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\VoipStunt
    [2011-08-13 08:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Windows Live Writer
    [2010-04-16 03:00:49 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2012-05-13 19:53:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
    [2009-04-23 00:35:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    < End of report >


    Thanks oldman960

  7. #37
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi JonDou,

    The detections are files we have already quarantined or are old System Restore points. These will be removed when the tools are removed.

    C:\WINDOWS\SYSTEM32\REGSVR32.EXE
    Yes, that is a legitimate file and location.

    D:\My Documents\marina\portfolio\vectors\picture\SweetImSetup.exe a variant of Win32/SweetIM.B application
    D:\My Documents\programi\gamebooster.exe a variant of Win32/Toolbar.Widgi application
    D:\My Documents\programi\PhotoPosPro\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application
    D:\My Documents\programi\Uniblue\spyeraser.exe probably a variant of Win32/UbSpyEraser application
    D:\My Documents\programi 2\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application
    These are warnings of potentially unwanted programs (PUP) or the fact that the setup files contain a PUP.

    Next, Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Reg
    
    :Services
    CcmExec
    MXOFX
    btnhnd
    aaksrv
    3comtftp
    
    :Files
    C:\windows\system32\WinVd32.dll 
    C:\windows\system32\w200mgmt.dll
    C:\windows\system32\SECYPUSB.dll
    C:\windows\system32\RTL8169.dll
    C:\windows\system32\vmount2.dll
    
    :Commands
    [emptytemp]
    [createrestorepoint]
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the fix OTL log.
    Member of UNITE and ASAP

  8. #38
    Member
    Join Date
    May 2012
    Posts
    38

    Default Re:

    Hi oldman960
    Computer is doing fine so far with full antivirus and antispyware software running.
    I did a fix and here is the log file:

    All processes killed
    ========== REGISTRY ==========
    ========== SERVICES/DRIVERS ==========
    Service CcmExec stopped successfully!
    Service CcmExec deleted successfully!
    Service MXOFX stopped successfully!
    Service MXOFX deleted successfully!
    Service btnhnd stopped successfully!
    Service btnhnd deleted successfully!
    Service aaksrv stopped successfully!
    Service aaksrv deleted successfully!
    Service 3comtftp stopped successfully!
    Service 3comtftp deleted successfully!
    ========== FILES ==========
    File\Folder C:\windows\system32\WinVd32.dll not found.
    File\Folder C:\windows\system32\w200mgmt.dll not found.
    File\Folder C:\windows\system32\SECYPUSB.dll not found.
    File\Folder C:\windows\system32\RTL8169.dll not found.
    File\Folder C:\windows\system32\vmount2.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 373795 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 83 bytes

    User: Goran
    ->Temp folder emptied: 933934 bytes
    ->Temporary Internet Files folder emptied: 25645899 bytes
    ->Java cache emptied: 1 bytes
    ->FireFox cache emptied: 37941165 bytes
    ->Google Chrome cache emptied: 62476616 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2656 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 15076 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 20265 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 29536882 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 152659 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20105630 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 208728 bytes

    Total Files Cleaned = 169.00 mb

    Unable to start System Restore Service. Error code 1056

    OTL by OldTimer - Version 3.2.42.2 log created on 05142012_134515

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Goran\Local Settings\Temp\WCESLog.log moved successfully.
    File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF3519.tmp not found!
    File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF3524.tmp not found!
    File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF3563.tmp not found!
    File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF356E.tmp not found!
    C:\Documents and Settings\Goran\Local Settings\Temp\~DFF800.tmp moved successfully.
    C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\Content.IE5\QPYPYKEU\showthread[2].htm moved successfully.
    C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\Content.IE5\MSC9O6JR\favicon[5].ico moved successfully.
    C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\Content.IE5\1IDUYTRX\topbuttons[2].xml moved successfully.
    C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...

    I hope everything is fine now. Thank You again for helping me.
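
A way to double-check a fix run like the one in posts #37 and #38, added here as an example and not part of the original thread: it reconciles the fix script with the result log so that every requested service and file has a confirmed outcome and any error line stands out. The script and the abbreviated log excerpt are copied from the posts; the function names are illustrative.

```python
import re

# Fix script from post #37, copied from the thread.
FIX_SCRIPT = r"""
:Reg

:Services
CcmExec
MXOFX
btnhnd
aaksrv
3comtftp

:Files
C:\windows\system32\WinVd32.dll
C:\windows\system32\w200mgmt.dll
C:\windows\system32\SECYPUSB.dll
C:\windows\system32\RTL8169.dll
C:\windows\system32\vmount2.dll

:Commands
[emptytemp]
[createrestorepoint]
"""

# Result log from post #38, abbreviated ("stopped" lines and the
# per-user temp-file details are left out).
FIX_LOG = r"""
========== SERVICES/DRIVERS ==========
Service CcmExec deleted successfully!
Service MXOFX deleted successfully!
Service btnhnd deleted successfully!
Service aaksrv deleted successfully!
Service 3comtftp deleted successfully!
========== FILES ==========
File\Folder C:\windows\system32\WinVd32.dll not found.
File\Folder C:\windows\system32\w200mgmt.dll not found.
File\Folder C:\windows\system32\SECYPUSB.dll not found.
File\Folder C:\windows\system32\RTL8169.dll not found.
File\Folder C:\windows\system32\vmount2.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 169.00 mb
Unable to start System Restore Service. Error code 1056
"""


def parse_fix(script):
    """Split an OTL-style fix script into {section: [entries]}."""
    sections, current = {}, None
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def reconcile(script, log):
    """Check every requested service and file against the result log."""
    fix = parse_fix(script)
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    services = {
        s: "deleted" if f"Service {s} deleted successfully!" in lines
        else "UNCONFIRMED"
        for s in fix.get("services", [])
    }
    files = {}
    for path in fix.get("files", []):
        pat = re.compile(r"(?:File\\Folder )?" + re.escape(path)
                         + r" (not found|moved successfully)", re.I)
        hit = next((m for m in map(pat.match, lines) if m), None)
        files[path] = hit.group(1).lower() if hit else "UNCONFIRMED"
    # Surface failures that are easy to miss among the success messages.
    errors = [l for l in lines
              if re.search(r"unable to|error code \d+", l, re.I)]
    return {"services": services, "files": files, "errors": errors}


if __name__ == "__main__":
    for section, result in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(section, result)
```

A file reported as "not found" means nothing existed at that path when the fix ran, which is kept distinct from "moved successfully" in the result.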

  9. #39
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Default

    Hi JonDou,

    You are welcome.

    It looks like you are good to go.

    When you clean up the tools, keep Defogger; we will use it shortly.

    From your desktop, please delete, if present
    • any notepads/logs that we created
    • DDS.scr
    • aswMBR.exe
    • MBR.zip
    • MBR.dat


    Next

    Click the Start button, click Run. Copy and paste the following line into the run box and click OK

    Combofix /uninstall

    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

    I suggest you keep MBAM, keep it updated and use it regularly.

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.

    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Add a firewall to what you have.

    * If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

    Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)



    You can use Spybot to install a Custom Hosts file.

    1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
    2-Right-click an item in the list of immunizations and click "Deselect All."
    3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
    4-Click "Immunize" on the Spybot toolbar.

    OR

    A guide to understanding and using the hosts file.

    Learn how your Hosts file can protect you and how you can protect it.
    Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
    HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.

    -Secure your Internet Explorer

    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

    - Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis

    - Ensure that Automatic Update is turned on so you get all the latest patches.
    Click start, control panel, ates to your chosen option
    Click your start button > Control Panel > System > Automatic Updates tab.

    - Keep your antivirus program updated, as well as any other security programs you have.

    -More tips and programs can be found HERE

    Please post back if you have any problems or questions.

    Take care
    Member of UNITE and ASAP
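
The Internet Explorer checklist in the post above maps to registry values in the Internet zone, so it can be audited after the fact. This added example (not from the thread) parses `reg query` output for that key and reports settings that are missing or looser than the checklist; the numeric value names are Internet Explorer's URL-action codes, which the post does not mention, and the sample output is constructed.

```python
import re

# Internet Explorer URL-action value names under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
# (zone 3 = Internet). DWORD data: 0 = Enable, 1 = Prompt, 3 = Disable.
# Labels and target levels follow the checklist in the post.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
LEVEL = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of `reg query` output for the key above.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x1
    1607    REG_DWORD    0x0
    1800    REG_DWORD    0x3
"""


def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in reg query output."""
    pairs = re.findall(
        r"^\s*(\S+)\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$", text, re.M)
    return {name: int(data, 16) for name, data in pairs}


def audit_internet_zone(values):
    """List settings that are missing or more permissive than the checklist."""
    findings = []
    for code, (label, wanted) in RECOMMENDED.items():
        current = values.get(code)
        # 0 < 1 < 3 orders the levels from most to least permissive, so a
        # value stricter than the checklist asks for is accepted.
        if current is None or current < wanted:
            shown = ("not set" if current is None
                     else LEVEL.get(current, hex(current)))
            findings.append((code, label, shown, LEVEL[wanted]))
    return findings


if __name__ == "__main__":
    values = parse_reg_query(SAMPLE_REG_QUERY)
    for code, label, current, wanted in audit_internet_zone(values):
        print(f"{code}  {label}: {current} -> should be {wanted}")
```

To audit a real machine, run `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"` and pass its output to `parse_reg_query`.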

  10. #40
    Member
    Join Date
    May 2012
    Posts
    38

    Default Re:

    hi oldman960

    You guys are amazing. I can't thank You enough oldman960 for cleaning my computer. It looked so easy looking at your posts and instructions, but I was so scared. Thank You so much mate.

    I've got a minor issue now. When I ran OTL to do the clean up, it deleted (cleaned) the defogger as well. Now I don't know how to enable Emulation drivers. Is there an option inside the program that I'm using (Alcohol 120%) or should I download a new one and then ... hmm, I don't know?

    Would it be rude if I ask You a question? When I open windows explorer and from that window I open disc C: or any other folder, windows explorer stops working (encountered a problem and needs to close) and then the whole desktop refreshes and windows explorer becomes functional again. Can You help me with that or at least if You could tell me where to post that thread, in which subforum?

    Thanks again for fixing it oldman960
